[Bug 1368099] [NEW] libcurl3-gnutls application crashes with NULL-pointer deref

Roman Fiedler Thu, 11 Sep 2014 02:06:55 -0700

Public bug reported:

Bug occurs when interacting with some but not all SSL-webservers, so it
seems to be triggered by the remote side, crashing a zabbix monitoring
system when connecting to a problematic Apache 2.4 server in my case.


Program received signal SIGSEGV, Segmentation fault.
gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER)
    at x509.c:176
176 x509.c: No such file or directory.
(gdb) bt
#0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
    format=GNUTLS_X509_FMT_DER) at x509.c:176
#1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#7 0xb6e888a0 in curl_multi_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#8 0xb6e7f6fb in curl_easy_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#9 0xb76be6aa in process_httptests ()
#10 0xb76bca56 in main_httppoller_loop ()
#11 0xb76979a9 in MAIN_ZABBIX_ENTRY ()
#12 0xb76ef49b in daemon_start ()
#13 0xb7690abf in main ()

According to [1], calling the function with data=NULL seems forbidden. It 
seems, that [2] is a similar report for curl. The upstream patch seems to be 
announced in [3] as "gtls: fix NULL pointer dereference", date "Fixed in 7.37.0 
- May 21 2014".
Also the packages in Unicorn should already include the patch but adding it on 
Trusty (production) seems not a good idea due to change in package dependencies.

# lsb_release -rd
Description:    Ubuntu 14.04.1 LTS
Release:        14.04

# apt-cache policy libcurl3-gnutls
libcurl3-gnutls:
  Installed: 7.35.0-1ubuntu2
  Candidate: 7.35.0-1ubuntu2
  Version table:
 *** 7.35.0-1ubuntu2 0
        500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/main i386 
Packages
        100 /var/lib/dpkg/status

[1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f
[2] http://curl.haxx.se/mail/lib-2014-04/0145.html
[3] http://curl.haxx.se/changes.html

** Affects: curl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: transmission (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: zabbix (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1368099

Title:
  libcurl3-gnutls application crashes with NULL-pointer deref

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/curl/+bug/1368099/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1368099] [NEW] libcurl3-gnutls application crashes with NULL-pointer deref

Reply via email to