Your message dated Mon, 13 Oct 2008 22:32:13 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#499945: fixed in lynx-cur 2.8.7dev9-2.1
has caused the Debian Bug report #499945,
regarding Segfault in asn1_get_tag_der().
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
499945: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499945
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libtasn1-3
Version: 1.4-1
Severity: grave
Hi,
When I run "lynx https://acrobat.com";, I end up with a segfault. The
backtrace looks like:
#0 asn1_get_tag_der (
der=0x700000000000097 <Address 0x700000000000097 out of bounds>,
der_len=33, cls=0x7fffcc8f6b77 "h", len=0x7fffcc8f6b70, tag=0x7fffcc8f6b68)
at decoding.c:127
#1 0x00002ab7df4db8de in _asn1_extract_tag_der (node=0x942850,
der=0x700000000000097 <Address 0x700000000000097 out of bounds>,
der_len=33, ret_len=0x7fffcc8f6cc8) at decoding.c:424
#2 0x00002ab7df4de383 in asn1_der_decoding (element=0x919fa0,
ider=0x700000000000097, len=33, errorDescription=0x0) at decoding.c:920
#3 0x00002ab7de88e3ff in gnutls_x509_crt_import ()
from /usr/lib/libgnutls.so.26
#4 0x0000000000493a2c in ?? ()
#5 0x0000000000493bf4 in ?? ()
#6 0x000000000049cff1 in ?? ()
#7 0x000000000049ba7d in ?? ()
#8 0x0000000000429b07 in ?? ()
#9 0x0000000000433cbf in ?? ()
#10 0x000000000042e203 in ?? ()
#11 0x00002ab7ded371a6 in __libc_start_main () from /lib/libc.so.6
#12 0x0000000000405539 in ?? ()
#13 0x00007fffcc8f8318 in ?? ()
#14 0x000000000000001c in ?? ()
#15 0x0000000000000002 in ?? ()
#16 0x00007fffcc8f9c69 in ?? ()
#17 0x00007fffcc8f9c77 in ?? ()
#18 0x0000000000000000 in ?? ()
(gdb) frame 0
#0 asn1_get_tag_der (
der=0x700000000000097 <Address 0x700000000000097 out of bounds>,
der_len=33, cls=0x7fffedcf6f77 "h", len=0x7fffedcf6f70, tag=0x7fffedcf6f68)
at decoding.c:127
127 in decoding.c
(gdb) frame 1
#1 0x00002ab7df4db8de in _asn1_extract_tag_der (node=0x942850,
der=0x700000000000097 <Address 0x700000000000097 out of bounds>,
der_len=33, ret_len=0x7fffcc8f6cc8) at decoding.c:424
424 in decoding.c
(gdb) frame 2
#2 0x00002ab7df4de383 in asn1_der_decoding (element=0x919fa0,
ider=0x700000000000097, len=33, errorDescription=0x0) at decoding.c:920
920 in decoding.c
(gdb) p p
$1 = (node_asn *) 0x700000000000097
(gdb) p node
$2 = (node_asn *) 0x7fffcc8f6b68
(gdb) p *node
$3 = {
name = 0x2adabe0e1c56
"\205ÀuÞM\205öu\204\220éþÿÿH\211ÅH\213E(H\205À\220uóM\205ö\017\205hÿÿÿé\222þÿÿL\211ò¾\201",
type = 1869048897, value = 0x0,
value_len = 9460992, down = 0x919fa0, right = 0x3, left = 0x21}
(gdb) p der
No symbol "der" in current context.
(gdb) p len
$4 = 33
(gdb) p counter
$5 = 0
(gdb) p len2
$6 = 9637200
(gdb) p p2->down
$7 = (struct node_asn_struct *) 0x7d204c4c554e000a
(gdb) p ris
$8 = 0
(gdb) p *p2
$10 = {name = 0x252200207b202000 <Address 0x252200207b202000 out of bounds>,
type = 539763315,
value = 0x2c756c2500202c4c <Address 0x2c756c2500202c4c out of bounds>,
value_len = 622985248, down = 0x7d204c4c554e000a,
right = 0x4e207b2020000a2c, left = 0x202c30202c4c4c55}
It's not exactly making sense to me why it wouldn't segfault earlier like
at the if "((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))" line.
running valgrind I also get:
==19443== Invalid read of size 8
==19443== at 0x52E73D7: gnutls_x509_crt_import (in /usr/lib/libgnutls.so.26.4
.5)
==19443== by 0x493A2B: (within /usr/bin/lynx.cur)
==19443== by 0x493BF3: (within /usr/bin/lynx.cur)
==19443== by 0x49CFF0: (within /usr/bin/lynx.cur)
==19443== by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443== by 0x429B06: (within /usr/bin/lynx.cur)
==19443== by 0x433CBE: (within /usr/bin/lynx.cur)
==19443== by 0x42E202: (within /usr/bin/lynx.cur)
==19443== by 0x578F1A5: (below main) (libc-start.c:222)
==19443== Address 0x6449c00 is 0 bytes after a block of size 16 alloc'd
==19443== at 0x4C200FC: calloc (vg_replace_malloc.c:397)
==19443== by 0x52C7584: (within /usr/lib/libgnutls.so.26.4.5)
==19443== by 0x52C8008: _gnutls_proc_x509_server_certificate (in /usr/lib/lib
gnutls.so.26.4.5)
==19443== by 0x52B79FF: _gnutls_recv_server_certificate (in /usr/lib/libgnutl
s.so.26.4.5)
==19443== by 0x52B4A27: _gnutls_handshake_client (in /usr/lib/libgnutls.so.26
.4.5)
==19443== by 0x52B52E7: gnutls_handshake (in /usr/lib/libgnutls.so.26.4.5)
==19443== by 0x494102: (within /usr/bin/lynx.cur)
==19443== by 0x49CE96: (within /usr/bin/lynx.cur)
==19443== by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443== by 0x429B06: (within /usr/bin/lynx.cur)
==19443== by 0x433CBE: (within /usr/bin/lynx.cur)
==19443== by 0x42E202: (within /usr/bin/lynx.cur)
==19443==
==19443== Invalid read of size 4
==19443== at 0x52E73DA: gnutls_x509_crt_import (in
/usr/lib/libgnutls.so.26.4.5)
==19443== by 0x493A2B: (within /usr/bin/lynx.cur)
==19443== by 0x493BF3: (within /usr/bin/lynx.cur)
==19443== by 0x49CFF0: (within /usr/bin/lynx.cur)
==19443== by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443== by 0x429B06: (within /usr/bin/lynx.cur)
==19443== by 0x433CBE: (within /usr/bin/lynx.cur)
==19443== by 0x42E202: (within /usr/bin/lynx.cur)
==19443== by 0x578F1A5: (below main) (libc-start.c:222)
==19443== Address 0x6449c08 is 8 bytes after a block of size 16 alloc'd
==19443== at 0x4C200FC: calloc (vg_replace_malloc.c:397)
==19443== by 0x52C7584: (within /usr/lib/libgnutls.so.26.4.5)
==19443== by 0x52C8008: _gnutls_proc_x509_server_certificate (in
/usr/lib/libgnutls.so.26.4.5)
==19443== by 0x52B79FF: _gnutls_recv_server_certificate (in
/usr/lib/libgnutls.so.26.4.5)
==19443== by 0x52B4A27: _gnutls_handshake_client (in
/usr/lib/libgnutls.so.26.4.5)
==19443== by 0x52B52E7: gnutls_handshake (in /usr/lib/libgnutls.so.26.4.5)
==19443== by 0x494102: (within /usr/bin/lynx.cur)
==19443== by 0x49CE96: (within /usr/bin/lynx.cur)
==19443== by 0x49BA7C: (within /usr/bin/lynx.cur)
==19443== by 0x429B06: (within /usr/bin/lynx.cur)
==19443== by 0x433CBE: (within /usr/bin/lynx.cur)
==19443== by 0x42E202: (within /usr/bin/lynx.cur)
I'm running libgnutls26 2.4.1-1 and lynx-cur 2.8.7dev9-2.
Kurt
--- End Message ---
--- Begin Message ---
Source: lynx-cur
Source-Version: 2.8.7dev9-2.1
We believe that the bug you reported is fixed in the latest version of
lynx-cur, which is due to be installed in the Debian FTP archive:
lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
to pool/main/l/lynx-cur/lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
lynx-cur_2.8.7dev9-2.1.diff.gz
to pool/main/l/lynx-cur/lynx-cur_2.8.7dev9-2.1.diff.gz
lynx-cur_2.8.7dev9-2.1.dsc
to pool/main/l/lynx-cur/lynx-cur_2.8.7dev9-2.1.dsc
lynx-cur_2.8.7dev9-2.1_amd64.deb
to pool/main/l/lynx-cur/lynx-cur_2.8.7dev9-2.1_amd64.deb
lynx_2.8.7dev9-2.1_all.deb
to pool/main/l/lynx-cur/lynx_2.8.7dev9-2.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thomas Viehmann <[EMAIL PROTECTED]> (supplier of updated lynx-cur package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 13 Oct 2008 23:24:41 +0200
Source: lynx-cur
Binary: lynx-cur lynx-cur-wrapper lynx
Architecture: source all amd64
Version: 2.8.7dev9-2.1
Distribution: testing
Urgency: medium
Maintainer: Atsuhito KOHDA <[EMAIL PROTECTED]>
Changed-By: Thomas Viehmann <[EMAIL PROTECTED]>
Description:
lynx - Text-mode WWW Browser (transitional package)
lynx-cur - Text-mode WWW Browser with NLS support (development version)
lynx-cur-wrapper - Wrapper for lynx-cur
Closes: 499945
Changes:
lynx-cur (2.8.7dev9-2.1) testing; urgency=medium
.
* Non-maintainer upload for testing, identical to the the
unstable 2.8.7dev9-2.1 one.
* fix src/tidy_tls.c X509_get_issuer_name to actually take the issuer
DN of the present certificate and not hope that it is the same as
taking the subject DN of the "next" certificate which
may or may not exist. Closes: #499945
This is debian/patches/patch-3.
Checksums-Sha1:
9a12a932f0fdbf1dd933742cc16f04e76ff4f3f3 1202 lynx-cur_2.8.7dev9-2.1.dsc
a816d2f6ea89720a7df4da9fd64984eec4a0646f 29958 lynx-cur_2.8.7dev9-2.1.diff.gz
18a832089f09cb5b087c2e889531c7d7ac05beef 16274
lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
830a0097d75d1d87349a1a633a3dd3b5654f0f1f 13796 lynx_2.8.7dev9-2.1_all.deb
f3dc78007f358a57e04f51a330cdbd9ef383b823 2080540
lynx-cur_2.8.7dev9-2.1_amd64.deb
Checksums-Sha256:
08bd00223990284d8cd2ebe978b2fc8c667b9911364b14997dab56f3e337ddb9 1202
lynx-cur_2.8.7dev9-2.1.dsc
f0ecbddfa7330e73d6910772c0bc81ff15b3fcf47af7e00bae596edee9540a9d 29958
lynx-cur_2.8.7dev9-2.1.diff.gz
1e211b0631eb76814b2ba56026e3fc9b998094b60c85cb84d16628eb94d5e1c5 16274
lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
5ee573683de3d4d4d81348203bdba25609e24332c254bdea2679ed122c3834c7 13796
lynx_2.8.7dev9-2.1_all.deb
93c3cf475258796d75338637f9906d51dbb9f9d71a12c94f02479c274719df3f 2080540
lynx-cur_2.8.7dev9-2.1_amd64.deb
Files:
0ecd4f4cf3bedebd34f88d33efb52c68 1202 web extra lynx-cur_2.8.7dev9-2.1.dsc
266df63e134b14c07f912e2023acbf7e 29958 web extra lynx-cur_2.8.7dev9-2.1.diff.gz
5aa3f250031a9011150a9a621b6329b3 16274 web extra
lynx-cur-wrapper_2.8.7dev9-2.1_all.deb
78704d733fb186da27f3e66b940aa335 13796 web extra lynx_2.8.7dev9-2.1_all.deb
556f411a62b9d8d20e283086796707ca 2080540 web extra
lynx-cur_2.8.7dev9-2.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkjzy1gACgkQriZpaaIa1PmZXwCgxiXaqDNmFvX2RpIscYQZXLr6
etAAn3OsMW7mtfj/ANxu1FvFlYoa0VDA
=myfg
-----END PGP SIGNATURE-----
--- End Message ---
