Description of problem:

While verifying client certificates with sha512 hashes I get segfaults like

==7286== Invalid read of size 1
==7286==    at 0x4A06794: strcmp (mc_replace_strmem.c:341)
==7286==    by 0x4C309C5: _gnutls_x509_oid2mac_algorithm (gnutls_algorithms.c:573)
==7286==    by 0x4C5830A: verify_sig (verify.c:498)
==7286==    by 0x4C5850D: _gnutls_x509_verify_signature (verify.c:696)
==7286==    by 0x4C58D37: _gnutls_verify_certificate2 (verify.c:295)
==7286==    by 0x4C5911F: gnutls_x509_crt_list_verify (verify.c:401)
==7286==    by 0x4C470AB: _gnutls_x509_cert_verify_peers (gnutls_x509.c:179)
==7286==    by 0x402DAA: ssl_server (ssl-server.c:520)
==7286==    by 0x403C77: main (ssl-server.c:820)
==7286==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==7286==
==7286== Process terminating with default action of signal 11 (SIGSEGV)
==7286==  Access not within mapped region at address 0x0
==7286==    at 0x4A06794: strcmp (mc_replace_strmem.c:341)
==7286==    by 0x4C309C5: _gnutls_x509_oid2mac_algorithm (gnutls_algorithms.c:573)
==7286==    by 0x4C5830A: verify_sig (verify.c:498)
==7286==    by 0x4C5850D: _gnutls_x509_verify_signature (verify.c:696)
==7286==    by 0x4C58D37: _gnutls_verify_certificate2 (verify.c:295)
==7286==    by 0x4C5911F: gnutls_x509_crt_list_verify (verify.c:401)
==7286==    by 0x4C470AB: _gnutls_x509_cert_verify_peers (gnutls_x509.c:179)
==7286==    by 0x402DAA: ssl_server (ssl-server.c:520)
==7286==    by 0x403C77: main (ssl-server.c:820)

This issue seems to be described in http://lists.gnupg.org/pipermail/gnutls-dev/2006-August/001190.html and solved in gnutls-1.4.2.

Practically, this allows DOS attacks against gnutls based servers by providing client certificates with unsupported algorithms (e.g. sha256 or sha512).

Version-Release number of selected component (if applicable):

How reproducible:

gnutls-1.4.1-3.el5_4.8
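The trace above shows strcmp() reading address 0x0 inside the OID-to-MAC lookup reached from signature verification. As an added illustration (not GnuTLS code and not part of the report), the following sketches a lookup that never hands NULL to strcmp() and a caller that treats an unsupported digest as a verification failure. All names and the table are hypothetical, and which strcmp() argument was NULL in the real code is an open assumption here, so both are guarded.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names throughout; this is not the GnuTLS source. */
typedef enum { MAC_UNKNOWN = 0, MAC_MD5, MAC_SHA1, MAC_SHA512 } mac_alg_t;

struct mac_entry {
    const char *name;
    const char *oid;   /* may be NULL: known by name, no OID registered */
    mac_alg_t   id;
};

/* Constructed table. The SHA512 row deliberately has no OID, to model an
 * algorithm the library cannot verify signatures with. */
static const struct mac_entry mac_table[] = {
    { "MD5",    "1.2.840.113549.2.5", MAC_MD5    },
    { "SHA1",   "1.3.14.3.2.26",      MAC_SHA1   },
    { "SHA512", NULL,                 MAC_SHA512 },
};

/* Map a digest OID to an algorithm id. Neither the caller's OID nor a
 * table row's OID reaches strcmp() while it is NULL. */
mac_alg_t oid_to_mac(const char *oid)
{
    size_t i;

    if (oid == NULL)
        return MAC_UNKNOWN;
    for (i = 0; i < sizeof mac_table / sizeof mac_table[0]; i++) {
        if (mac_table[i].oid == NULL)
            continue;               /* skip rows without an OID */
        if (strcmp(mac_table[i].oid, oid) == 0)
            return mac_table[i].id;
    }
    return MAC_UNKNOWN;
}

/* Caller side: an unsupported digest is a verification failure (-1),
 * so the peer's certificate is rejected and the server keeps running. */
int check_sig_digest(const char *oid_from_cert)
{
    return oid_to_mac(oid_from_cert) == MAC_UNKNOWN ? -1 : 0;
}
```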
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.6 and Red Hat does not plan to fix this issue in the currently developed update. Contact your manager or support representative in case you need to escalate this bug.
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.7 and Red Hat does not plan to fix this issue in the currently developed update. Contact your manager or support representative in case you need to escalate this bug.
This request was evaluated by Red Hat Product Management for inclusion in Red Hat Enterprise Linux 5.8 and Red Hat does not plan to fix this issue in the currently developed update. Contact your manager or support representative in case you need to escalate this bug.