Bug 2087520
Summary: | anaconda (Python) crashes with gnutls 3.7.5: free(): invalid next size (fast) | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> |
Component: | gnutls | Assignee: | Zoltan Fridrich <zfridric> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | high | | |
Version: | rawhide | CC: | ansasaki, crypto-team, dueno, kevin, tm, zfridric |
Target Milestone: | --- | Keywords: | Triaged |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | openqa | | |
Fixed In Version: | gnutls-3.7.6-1.fc36 gnutls-3.7.6-1.fc35 | Doc Type: | Bug Fix |
Doc Text: |
Cause: gnutls_realloc_zero is set as gmp reallocfunc
Consequence: programs using gmp might break due to heap corruption
Fix: fix invalid write in gnutls_realloc_zero when new_size < old_size
Result: no heap corruption when gnutls_realloc_zero is used in gmp
|
Last Closed: | 2022-06-01 01:24:19 UTC | Type: | Bug |
Description
Adam Williamson
2022-05-17 22:09:30 UTC
(In reply to Adam Williamson from comment #0)
> openQA testing shows that anaconda consistently crashes when running against
> gnutls 3.7.5. The crash seems to be actually in Python itself, and an error
> message `free(): invalid next size (fast)` is shown. I don't have a full
> backtrace yet (this is slightly inconvenient to get for anaconda Python
> crashes).
>
> I suspect this is the same as upstream
> https://gitlab.com/gnutls/gnutls/-/issues/1367 - I'll try and fix Jeremy
> comes up with there.
>
> We have untagged gnutls-3.7.5-1.fc37 from Rawhide for now to avoid this
> breaking composes.

Within the release 3.7.5 we started using custom gmp memory allocator functions in order to increase the security level by nullifying memory. However, we did not realize that our gnutls_realloc_zero function was already broken (could cause heap corruption) and setting it as reallocfunc for gmp might have broken stuff.

This upstream MR should fix this issue https://gitlab.com/gnutls/gnutls/-/merge_requests/1592

Created attachment 1880807 [details]
Patch fixing the gnutls_realloc_zero function
FEDORA-2022-d46bf7581b has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-d46bf7581b

FEDORA-2022-93d7c9e45d has been submitted as an update to Fedora 36. https://bodhi.fedoraproject.org/updates/FEDORA-2022-93d7c9e45d

FEDORA-2022-8568c6f3ac has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-8568c6f3ac

FEDORA-2022-93d7c9e45d has been pushed to the Fedora 36 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-93d7c9e45d` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-93d7c9e45d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-8568c6f3ac has been pushed to the Fedora 35 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-8568c6f3ac` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-8568c6f3ac See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-d46bf7581b has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-d46bf7581b` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-d46bf7581b See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2022-93d7c9e45d has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report.

FEDORA-2022-8568c6f3ac has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report.
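The Doc Text and the maintainer comment above describe a zeroizing realloc, installed as GMP's reallocate function, that performed an invalid write when new_size < old_size. The C example below is added here to illustrate that bug class and is not the gnutls patch or any project code: `wipe`, `zero_realloc` and `roundtrip_ok` are hypothetical names, and it assumes the invalid write comes from copying by the old size into the smaller new block, which the page does not spell out.

```c
#include <stdlib.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores are not optimized away. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Hypothetical zeroizing realloc with GMP's (ptr, old_size, new_size)
 * reallocate signature; an illustration, not the gnutls implementation. */
void *zero_realloc(void *ptr, size_t old_size, size_t new_size)
{
    if (ptr == NULL)
        return new_size ? malloc(new_size) : NULL;
    if (new_size == old_size)
        return ptr;
    unsigned char *fresh = new_size ? malloc(new_size) : NULL;
    if (new_size != 0 && fresh == NULL)
        return NULL; /* old block stays valid, as with realloc() */
    /* Copy only what fits: copying old_size bytes when shrinking would
     * write past the end of fresh and corrupt the heap. */
    size_t keep = old_size < new_size ? old_size : new_size;
    if (keep) memcpy(fresh, ptr, keep);
    wipe(ptr, old_size);   /* clear the whole old block before release */
    free(ptr);
    return fresh;
}

/* Constructed check: shrink 64 -> 16, then grow 16 -> 128 bytes.
 * Returns 1 when the first 16 bytes survive both moves. */
int roundtrip_ok(void)
{
    unsigned char want[16], *p = malloc(64);
    if (p == NULL)
        return 0;
    for (size_t i = 0; i < 64; i++)
        p[i] = (unsigned char)(i + 1);
    memcpy(want, p, sizeof want);
    p = zero_realloc(p, 64, 16);
    if (p != NULL)
        p = zero_realloc(p, 16, 128);
    int ok = p != NULL && memcmp(p, want, sizeof want) == 0;
    free(p);
    return ok;
}

int main(void) { return roundtrip_ok() ? 0 : 1; }
```

Building this with `-fsanitize=address` and replacing `keep` with `old_size` in the `memcpy` makes the shrink case report a heap-buffer-overflow, which is the kind of corruption glibc later surfaces as `free(): invalid next size`.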