Description of problem:
Executing `gnutls-cli -d 1 tls-tls-tls.ctf.siesta.monster -p 8080 --ca-auto-retrieve`, just segfaulted

Version-Release number of selected component:
gnutls-utils-3.8.1-1.fc39

Additional info:
reporter: libreport-2.17.11
type: CCpp
reason: gnutls-cli killed by SIGSEGV
journald_cursor: s=bc29ac64410c4532adce616b6afb2a1d;i=66bf2c;b=dbebcbd302e249028d66c825836827a4;m=153769e7f;t=6089de8135e7a;x=7e9fc9ed1c777540
executable: /usr/bin/gnutls-cli
cmdline: gnutls-cli -d 1 tls-tls-tls.ctf.siesta.monster -p 8080 --ca-auto-retrieve
cgroup: 0::/user.slice/user-20528.slice/user/app.slice/app-org.gnome.Terminal.slice/vte-spawn-8f3b4aac-6961-47d3-8c24-82b372b6167c.scope
rootdir: /
uid: 20528
kernel: 6.5.8-300.fc39.x86_64
package: gnutls-utils-3.8.1-1.fc39
runlevel: N 5
backtrace_rating: 4
crash_function: gnutls_x509_crt_deinit
comment: Executing `gnutls-cli -d 1 tls-tls-tls.ctf.siesta.monster -p 8080 --ca-auto-retrieve`, just segfaulted

Truncated backtrace:
Thread no. 1 (13 frames)
 #0 gnutls_x509_crt_deinit at ../../../lib/x509/x509.c:294
 #1 retrieve_issuers at ../../../lib/x509/verify-high.c:946
 #2 gnutls_x509_trust_list_verify_crt2 at ../../../lib/x509/verify-high.c:1496
 #3 _gnutls_x509_cert_verify_peers at ../../lib/cert-session.c:594
 #4 gnutls_certificate_verify_peers at ../../lib/cert-session.c:766
 #5 cert_verify at ../../src/common.c:260
 #6 cert_verify_callback at ../../src/cli.c:488
 #7 _gnutls_run_verify_callback at ../../lib/handshake.c:3014
 #8 _gnutls13_handshake_client at ../../lib/handshake-tls13.c:136
 #9 handshake_client at ../../lib/handshake.c:3052
 #10 gnutls_handshake at ../../lib/handshake.c:2874
 #11 do_handshake at ../../src/cli.c:1855
 #12 socket_open2 at ../../src/socket.c:620
Created attachment 1995622 File: proc_pid_status
Created attachment 1995623 File: maps
Created attachment 1995624 File: limits
Created attachment 1995625 File: environ
Created attachment 1995626 File: open_fds
Created attachment 1995627 File: mountinfo
Created attachment 1995628 File: os_info
Created attachment 1995629 File: cpuinfo
Created attachment 1995630 File: core_backtrace
Created attachment 1995631 File: exploitable
Created attachment 1995632 File: dso_list
Created attachment 1995633 File: backtrace
> Executing `gnutls-cli -d 1 tls-tls-tls.ctf.siesta.monster -p 8080 --ca-auto-retrieve`, just segfaulted

Thank you for the report. I'm trying to reproduce but it looks like the server only has a private address assigned. Would it be possible to point me to a public server, or could you collect the logs following the instructions below?

https://www.gnutls.org/manual/html_node/Debugging-and-auditing.html#Debugging-and-auditing
I suspect that this might be hitting the case where a gap is found in the certificate chain while the EE cert doesn't have caIssuer AIA. In that case, the default issuer callback set by gnutls-cli returns 0 (success) but doesn't set issuers_size to 0: https://gitlab.com/gnutls/gnutls/-/blob/f2fbef2c50952270eeeadebfacbf718da845fadc/src/cli.c#L2297
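A self-contained C model of the failure mode suspected in the comment above, where a callback reports success without defining its output parameters and the caller then releases whatever those outputs hold. This is an added example, not GnuTLS code and not the upstream fix; every type and function name in it is a hypothetical stand-in.

```c
/* Added model of the callback contract; not GnuTLS code. All names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int has_ca_issuers_aia; } cert_t;  /* stand-in certificate */
typedef int (*get_issuer_fn)(const cert_t *ee, cert_t ***issuers, unsigned *n);

static int deinit_calls;  /* number of certificates released so far */
void cert_deinit(cert_t *c) { deinit_calls++; free(c); }

/* Pattern from the comment: no AIA, returns 0, outputs never written. */
int cb_leaves_outputs_unset(const cert_t *ee, cert_t ***issuers, unsigned *n)
{
    (void)issuers; (void)n;
    return ee->has_ca_issuers_aia ? -1 : 0;  /* retrieval path omitted in this model */
}

/* Contract-respecting callback: both outputs are defined on every path. */
int cb_sets_outputs(const cert_t *ee, cert_t ***issuers, unsigned *n)
{
    *issuers = NULL; *n = 0;
    if (!ee->has_ca_issuers_aia) return 0;  /* nothing to fetch, and says so */
    cert_t **list = malloc(sizeof *list);
    cert_t *ca = calloc(1, sizeof *ca);     /* constructed stand-in for a fetched issuer */
    if (!list || !ca) { free(list); free(ca); return -1; }
    list[0] = ca;
    *issuers = list;
    *n = 1;
    return 0;
}

/* Caller-side hardening: outputs are initialised before the call, so a callback
 * that forgets them cannot make the cleanup loop walk uninitialised memory. */
int retrieve_issuers_model(get_issuer_fn cb, const cert_t *ee)
{
    cert_t **issuers = NULL;
    unsigned issuers_size = 0, i;
    int ret = cb(ee, &issuers, &issuers_size);
    if (ret < 0) return ret;
    if (issuers == NULL) issuers_size = 0;  /* a count without an array is not trusted */
    for (i = 0; i < issuers_size; i++) cert_deinit(issuers[i]);
    free(issuers);
    return (int)issuers_size;               /* number of issuers handled and released */
}

int main(void)
{
    cert_t no_aia = { 0 };
    printf("released %d issuers\n", retrieve_issuers_model(cb_leaves_outputs_unset, &no_aia));
    return 0;
}
```

Without the two initialisers in `retrieve_issuers_model`, the first callback would leave the cleanup loop reading indeterminate values, which matches the shape of the backtrace (`retrieve_issuers` calling `gnutls_x509_crt_deinit`).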
(In reply to Daiki Ueno from comment #13)
> > Executing `gnutls-cli -d 1 tls-tls-tls.ctf.siesta.monster -p 8080 --ca-auto-retrieve`, just segfaulted
>
> Thank you for the report. I'm trying to reproduce but it looks like the
> server only has a private address assigned. Would it be possible to point me
> to a public server, or could you collect the logs following the instructions
> below?
>
> https://www.gnutls.org/manual/html_node/Debugging-and-auditing.html#Debugging-and-auditing

Sadly tls-tls-tls.ctf.siesta.monster is not available anymore as the CTF event ended last week, so I can't provide more detailed debug info.
OK, then let's assume my guess on comment 14 is correct :-) I've filed an MR in upstream to fix it: https://gitlab.com/gnutls/gnutls/-/merge_requests/1792
FEDORA-2024-c43a6cc3f8 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2024-c43a6cc3f8
FEDORA-2024-80428c408c has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2024-80428c408c
FEDORA-2024-c43a6cc3f8 has been pushed to the Fedora 38 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-c43a6cc3f8` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-c43a6cc3f8 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-80428c408c has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-80428c408c` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-80428c408c See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-80428c408c has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-c43a6cc3f8 (gnutls-3.8.3-1.fc38) has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.