[Bug 1166634] Re: gnutls26 crashes on particularly malformed crypt stream
Jamie Strandboge
jamie at ubuntu.com
Fri Apr 12 21:38:04 UTC 2013
Looks like though the logic is quite a bit different here:
https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0
We have:
for (i = 2; i <= pad; i++)
where upstream has:
for (i = 2; i <= MIN(256, ciphertext->size); i++)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1166634
Title:
gnutls26 crashes on particularly malformed crypt stream
Status in “gnutls26” package in Ubuntu:
New
Bug description:
The patch for CVE-2013-1619 has a bug. It fails to do proper range
protection. The attached patch may not be correct insofar as
reintroducing a timing exposure; but it does stop the segfaults, which
are perhaps more problematic.
This is a security issue becuase crashes in libgnutls are inherently
security issues.
I triggered this by trying to access https URLs via an "all_proxy" in
libcurl-gnutls.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1166634/+subscriptions
More information about the foundations-bugs
mailing list