Package: libopenconnect3
Version: 6.00-1+b1
Severity: important
Tags: patch

Hello,

When using openconnect with my belpic card, openconnect is crashing with a double free error.

Got no issuer from PKCS#11
*** Error in `/usr/sbin/openconnect': double free or corruption (!prev): 0x0000555555cc5650 ***

The attached patch (coming from upstream) fixes this issue.

Cheers,
Laurent Bigonville

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.19.0-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libopenconnect3 depends on:
ii  libc6              2.19-17
ii  libgnutls-deb0-28  3.3.8-6
ii  liboath0           2.4.1-1
ii  libp11-kit0        0.20.7-1
ii  libproxy1          0.4.11-4+b2
ii  libstoken1         0.6-1
ii  libxml2            2.9.2+dfsg1-3
ii  multiarch-support  2.19-17
ii  zlib1g             1:1.2.8.dfsg-2+b1

Versions of packages libopenconnect3 recommends:
ii  ca-certificates  20141019

libopenconnect3 suggests no packages.

-- no debconf information

diff -Nru openconnect-6.00/debian/patches/01_fix-double-free.patch openconnect-6.00/debian/patches/01_fix-double-free.patch --- openconnect-6.00/debian/patches/01_fix-double-free.patch 1970-01-01 01:00:00.000000000 +0100 +++ openconnect-6.00/debian/patches/01_fix-double-free.patch 2015-03-26 12:21:02.000000000 +0100 @@ -0,0 +1,40 @@ +From: Paul Donohue <[email protected]> +Date: Fri, 24 Oct 2014 14:58:02 +0000 (-0400) +Subject: Fix invalid/double free if PKCS#11 token does not include CA certs +X-Git-Tag: v7.00~86 +X-Git-Url: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff_plain/3215c30539daf96d4ee9f358e2b6c67f8b01dfdd + +Fix invalid/double free if PKCS#11 token does not include CA certs + +Commit b06b862f5 ("Include supporting certificates from PKCS#11 tokens") +calls gnutls_free() on an invalid 't.data' value if +gnutls_pkcs11_get_raw_issuer() returns an error, and calls +gnutls_x509_crt_deinit() twice on 'issuer' if gnutls_x509_crt_import() +returns an error. + +If the Issuer cert is not available on the PKCS#11 token, +then gnutls_pkcs11_get_raw_issuer() fails and the call to +gnutls_free(t.data) causes libc to print the following message then +kill the process: +--- a/gnutls.c ++++ b/gnutls.c +@@ -1506,7 +1506,10 @@ static int load_certificate(struct openc + err = gnutls_x509_crt_import(issuer, &t, GNUTLS_X509_FMT_DER); + if (err) + gnutls_x509_crt_deinit(issuer); ++ else ++ free_issuer = 1; + } ++ gnutls_free(t.data); + } + if (err) { + vpn_progress(vpninfo, PRG_ERR, +@@ -1517,8 +1520,6 @@ static int load_certificate(struct openc + vpn_progress(vpninfo, PRG_ERR, + _("Got next CA '%s' from PKCS11\n"), name); + } +- free_issuer = 1; +- gnutls_free(t.data); + } + #endif + if (err) diff -Nru openconnect-6.00/debian/patches/series openconnect-6.00/debian/patches/series --- openconnect-6.00/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ openconnect-6.00/debian/patches/series 2015-03-26 12:19:53.000000000 +0100 
@@ -0,0 +1 @@ +01_fix-double-free.patch
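
Review bot: In the gnutls.c hunk at -1506, the failure branch of gnutls_x509_crt_import() calls gnutls_x509_crt_deinit(issuer) but leaves both the pointer and free_issuer untouched, so the fix is only complete if free_issuer is guaranteed to be 0 on entry to this block, and the visible lines do not show where it is initialised or reset. If this code runs once per certificate in the chain (the "Got next CA" message suggests it may), a value of 1 carried over from an earlier pass could still lead to a second deinit of the same object; consider setting free_issuer = 0 next to the deinit call, or confirm the reset in the surrounding code. The added gnutls_free(t.data) now sits after the inner block closes, so it is also worth checking against the full source that this position is reached only when gnutls_pkcs11_get_raw_issuer() succeeded, since that is the case the description says was broken. Separately, the embedded patch description ends at "kill the process:" with no message after it; either include the libc error line or drop the trailing clause.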

