On 2007-02-04 Andreas Metzler <[EMAIL PROTECTED]> wrote:
> On 2007-02-03 William Boughton <[EMAIL PROTECTED]> wrote:
> > On Sat, Feb 03, 2007 at 10:30:59AM +0100, Andreas Metzler wrote:
> [...]
> >> What arch are you on? I do not see this on etch/ix86.
> > x86_64
> [...]
> > I have been unable to reproduce this on x86_32. It also doesn't
> > happen in a x86_32 etch chroot on the same machine amd64(x86_64).
> Hello,
> I could reproduce this on pergolesi.debian.org's amd64 chroots with
> 1.4.4 however there is currently some stuff missing for properly
> debugging it. I have emailed debian-admin to get it installed.
I have used LD_LIBRARY_PATH as workaround.
As you have already noted, the trigger is the very last certificate in
the file
-----BEGIN CERTIFICATE----- <---- note whitespace here!
MIIDmTCCAwKgAwIBAgIJAMyJZWWIII1aMA0GCSqGSIb3DQEBBAUAMIGQMQswCQYD
[...]
The actual crash happens in x509_b64.c:479 _gnutls_fbase64_decode()
since it somehow gets passed on the wrong data_size=1475 (instead of the
correct data_size=1313).
> It seems to be fixed in 1.6.x.
[...]
This patch in 1.6.x and later versions seems to fix the issue:
2006-06-16 Simon Josefsson <[EMAIL PROTECTED]>
* configure.in, lib/Makefile.am, lib/gnutls_x509.c,
libextra/gnutls_openpgp.c: Use read_binary_file from gnulib instead
of strfile stuff, to fix problem with binary files on mingw.
I am not sure about the severity of this bug, whether we should try to
squeeze the fix into etch.
cu and- fix pulled from cvs attached -reas
cvs diff -D 'Jun 16 13:27:36 2006 UTC' -D 'Jun 16 13:33:36 2006 UTC'
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
Index: configure.in
===================================================================
RCS file: /cvs/gnutls/gnutls/configure.in,v
retrieving revision 2.420
retrieving revision 2.421
diff -u -r2.420 -r2.421
--- configure.in 16 Jun 2006 12:16:16 -0000 2.420
+++ configure.in 16 Jun 2006 13:29:35 -0000 2.421
@@ -183,7 +183,7 @@
AC_CHECK_HEADERS(math.h limits.h float.h stdarg.h ctype.h)
dnl opencdk
AC_CHECK_HEADERS(netdb.h)
-AC_CHECK_FUNCS(umask vasprintf isascii mmap gmtime_r,,)
+AC_CHECK_FUNCS(umask vasprintf isascii gmtime_r,,)
AC_FUNC_ALLOCA
AC_MSG_RESULT([***
Index: lib/Makefile.am
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/Makefile.am,v
retrieving revision 2.181
retrieving revision 2.182
diff -u -r2.181 -r2.182
--- lib/Makefile.am 15 Jun 2006 16:02:11 -0000 2.181
+++ lib/Makefile.am 16 Jun 2006 13:29:36 -0000 2.182
@@ -84,9 +84,9 @@
gnutls_extensions.h gnutls_buffer.h gnutls_auth_int.h \
x509_b64.h gnutls_v2_compat.h gnutls_datum.h auth_cert.h \
gnutls_mpi.h gnutls_pk.h gnutls_record.h gnutls_cert.h \
- gnutls_constate.h gnutls_global.h strfile.h gnutls_sig.h \
- gnutls_mem.h io_debug.h ext_max_record.h gnutls_session_pack.h \
- gnutls_str.h gnutls_state.h gnutls_x509.h ext_cert_type.h \
+ gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h \
+ io_debug.h ext_max_record.h gnutls_session_pack.h gnutls_str.h \
+ gnutls_state.h gnutls_x509.h ext_cert_type.h \
gnutls_rsa_export.h ext_server_name.h auth_dh_common.h \
ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
gnutls_helper.h auth_psk.h auth_psk_passwd.h \
Index: lib/gnutls_x509.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_x509.c,v
retrieving revision 2.174
retrieving revision 2.175
diff -u -r2.174 -r2.175
--- lib/gnutls_x509.c 18 Mar 2006 12:49:09 -0000 2.174
+++ lib/gnutls_x509.c 16 Jun 2006 13:29:36 -0000 2.175
@@ -48,6 +48,7 @@
#include "x509/mpi.h"
#include "x509/pkcs7.h"
#include "x509/privkey.h"
+#include "read-file.h"
/*
* some x509 certificate parsing functions.
@@ -737,126 +738,6 @@
return 0;
}
-/* Opens a file reads its contents and stores it
- * in allocated memory, which is returned.
- */
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#ifdef HAVE_MMAP
-# include <unistd.h>
-# include <sys/mman.h>
-# ifndef MAP_FAILED
-# define MAP_FAILED (void *)-1L
-# endif
-#endif
-
-#include <strfile.h>
-
-void
-_gnutls_strfile_free (strfile * x)
-{
-#ifdef HAVE_MMAP
- if (x->mmaped)
- {
- munmap (x->data, x->size);
- return;
- }
-#endif
-
- gnutls_free (x->data);
- x->data = NULL;
-}
-
-strfile
-_gnutls_file_to_str (const char *file)
-{
- int fd1 = -1;
- struct stat stat_st;
- size_t tot_size;
- size_t left;
- opaque *tmp;
- ssize_t i = 0;
- strfile null = { NULL, 0, 0 };
- strfile ret = { NULL, 0, 0 };
-
- fd1 = open (file, 0);
- if (fd1 == -1)
- {
- gnutls_assert ();
- return null;
- }
-
- if (fstat (fd1, &stat_st) == -1)
- {
- gnutls_assert ();
- goto error;
- }
-
- tot_size = stat_st.st_size;
- if (tot_size == 0)
- {
- gnutls_assert ();
- goto error;
- }
-#ifdef HAVE_MMAP
- if ((tmp =
- mmap (NULL, tot_size, PROT_READ, MAP_SHARED, fd1, 0)) != MAP_FAILED)
- {
- ret.mmaped = 1;
- ret.data = tmp;
- ret.size = tot_size;
-
- close (fd1);
- return ret;
- }
-#endif
-
- ret.data = gnutls_malloc (tot_size);
- if (ret.data == NULL)
- {
- gnutls_assert ();
- goto error;
- }
-
- left = tot_size;
- while (left > 0)
- {
- i = read (fd1, &ret.data[tot_size - left], left);
- if (i == -1)
- {
- if (errno == EAGAIN || errno == EINTR)
- continue;
- else
- {
- gnutls_assert ();
- goto error;
- }
- }
- else if (i == 0)
- break;
-
- left -= i;
- }
-
- ret.size = tot_size - left;
-
- ret.mmaped = 0;
-
- close (fd1);
-
- return ret;
-
-error:
-
- if (!ret.mmaped)
- gnutls_free (ret.data);
- close (fd1);
- return null;
-}
-
/* Reads a certificate file
*/
static int
@@ -864,17 +745,17 @@
const char *certfile, gnutls_x509_crt_fmt_t type)
{
int ret;
- strfile x;
+ size_t size;
+ char *data = read_binary_file (certfile, &size);
- x = _gnutls_file_to_str (certfile);
- if (x.data == NULL)
+ if (data == NULL)
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
}
- ret = read_cert_mem (res, x.data, x.size, type);
- _gnutls_strfile_free (&x);
+ ret = read_cert_mem (res, data, size, type);
+ free (data);
return ret;
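Review bot: An empty certificate file is no longer rejected before parsing here: the removed `_gnutls_file_to_str` returned a null result when `st_size` was 0, while the new code only checks `data == NULL`. read_binary_file presumably returns a non-NULL buffer with `size == 0` for an empty file (its source is not in this diff, so confirm against read-file.c), which makes `read_cert_mem (res, data, 0, type)` reachable. Either confirm that the DER and PEM parsers accept a zero length, or restore the guard with `if (size == 0) { free (data); return GNUTLS_E_FILE_ERROR; }`. The same applies to the key, CA, CRL and PKCS#12 hunks below; the function's signature starts outside this hunk.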
@@ -890,17 +771,17 @@
const char *keyfile, gnutls_x509_crt_fmt_t type)
{
int ret;
- strfile x;
+ size_t size;
+ char *data = read_binary_file (keyfile, &size);
- x = _gnutls_file_to_str (keyfile);
- if (x.data == NULL)
+ if (data == NULL)
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
}
- ret = read_key_mem (res, x.data, x.size, type);
- _gnutls_strfile_free (&x);
+ ret = read_key_mem (res, data, size, type);
+ free (data);
return ret;
}
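Review bot: The buffer holding the raw private key file goes to plain `free (data);` without being cleared, so the key bytes remain in freed heap memory after read_key_mem returns. Clear the `size` bytes before the free with a wipe the compiler cannot elide, since a plain `memset` directly before `free` may be optimised out. The `free (p12blob.data);` in the PKCS#12 hunk and `free (key.data);` in libextra/gnutls_openpgp.c release the same kind of material. The removed munmap/gnutls_free path did not clear it either, so this is a pre-existing gap that this rewrite is a natural place to close.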
@@ -1482,10 +1363,10 @@
gnutls_x509_crt_fmt_t type)
{
int ret, ret2;
- strfile x;
+ size_t size;
+ char *data = read_binary_file (cafile, &size);
- x = _gnutls_file_to_str (cafile);
- if (x.data == NULL)
+ if (data == NULL)
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
@@ -1493,12 +1374,12 @@
if (type == GNUTLS_X509_FMT_DER)
ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- x.data, x.size);
+ data, size);
else
ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
- x.data, x.size);
+ data, size);
- _gnutls_strfile_free (&x);
+ free (data);
if (ret < 0)
{
@@ -1776,10 +1657,10 @@
gnutls_x509_crt_fmt_t type)
{
int ret;
- strfile x;
+ size_t size;
+ char *data = read_binary_file (crlfile, &size);
- x = _gnutls_file_to_str (crlfile);
- if (x.data == NULL)
+ if (data == NULL)
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
@@ -1787,12 +1668,12 @@
if (type == GNUTLS_X509_FMT_DER)
ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
- x.data, x.size);
+ data, size);
else
ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
- x.data, x.size);
+ data, size);
- _gnutls_strfile_free (&x);
+ free (data);
if (ret < 0)
{
@@ -2000,7 +1881,6 @@
gnutls_x509_crt_t cert = NULL;
gnutls_x509_crl_t crl = NULL;
int ret;
- strfile x;
ret = gnutls_pkcs12_init (&p12);
if (ret < 0)
@@ -2009,19 +1889,16 @@
return ret;
}
- x = _gnutls_file_to_str (pkcs12file);
- if (x.data == NULL)
+ p12blob.data = read_binary_file (pkcs12file, &p12blob.size);
+ if (p12blob.data == NULL)
{
gnutls_assert ();
gnutls_pkcs12_deinit (p12);
return GNUTLS_E_FILE_ERROR;
}
- p12blob.data = x.data;
- p12blob.size = x.size;
-
ret = gnutls_pkcs12_import (p12, &p12blob, type, 0);
- _gnutls_strfile_free (&x);
+ free (p12blob.data);
if (ret < 0)
{
gnutls_assert ();
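Review bot: `&p12blob.size` is passed to read_binary_file, which the other call sites in this patch give a `size_t *` (`size_t size; ... &size`), but if p12blob is a gnutls_datum_t its `size` member is an `unsigned int` (the declaration is outside the hunk, so confirm). On LP64 targets the callee would then store 8 bytes through a pointer to a 4-byte field, writing past the member and producing a wrong length on big-endian machines. Read into a local and assign instead: `size_t size;`, `p12blob.data = read_binary_file (pkcs12file, &size);`, `p12blob.size = size;`. The `&cert.size` and `&key.size` calls in libextra/gnutls_openpgp.c, where `gnutls_datum_t key, cert;` is visible, follow the same pattern.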
Index: lib/strfile.h
===================================================================
RCS file: lib/strfile.h
diff -N lib/strfile.h
--- lib/strfile.h 7 Nov 2005 23:27:59 -0000 2.6
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,33 +0,0 @@
-/*
- * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation
- *
- * Author: Nikos Mavroyanopoulos
- *
- * This file is part of GNUTLS.
- *
- * The GNUTLS library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * as published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
- * USA
- *
- */
-
-typedef struct
-{
- opaque *data;
- size_t size;
- int mmaped;
-} strfile;
-
-void _gnutls_strfile_free (strfile * x);
-strfile _gnutls_file_to_str (const char *file);
Index: libextra/gnutls_openpgp.c
===================================================================
RCS file: /cvs/gnutls/gnutls/libextra/gnutls_openpgp.c,v
retrieving revision 1.103
retrieving revision 1.104
diff -u -r1.103 -r1.104
--- libextra/gnutls_openpgp.c 9 Dec 2005 11:22:14 -0000 1.103
+++ libextra/gnutls_openpgp.c 16 Jun 2006 13:29:36 -0000 1.104
@@ -29,7 +29,7 @@
#include "gnutls_datum.h"
#include "gnutls_global.h"
#include <openpgp/gnutls_openpgp.h>
-#include <strfile.h>
+#include "read-file.h"
#include <gnutls_str.h>
#include <stdio.h>
#include <gcrypt.h>
@@ -723,7 +723,6 @@
struct stat statbuf;
int rc = 0;
gnutls_datum_t key, cert;
- strfile xcert, xkey;
if (!res || !keyfile || !certfile)
{
@@ -737,31 +736,25 @@
return GNUTLS_E_FILE_ERROR;
}
- xcert = _gnutls_file_to_str (certfile);
- if (xcert.data == NULL)
+ cert.data = read_binary_file (certfile, &cert.size);
+ if (cert.data == NULL)
{
gnutls_assert ();
return GNUTLS_E_FILE_ERROR;
}
- xkey = _gnutls_file_to_str (keyfile);
- if (xkey.data == NULL)
+ key.data = read_binary_file (keyfile, &key.size);
+ if (key.data == NULL)
{
gnutls_assert ();
- _gnutls_strfile_free (&xcert);
+ free (cert.data);
return GNUTLS_E_FILE_ERROR;
}
- key.data = xkey.data;
- key.size = xkey.size;
-
- cert.data = xcert.data;
- cert.size = xcert.size;
-
rc = gnutls_certificate_set_openpgp_key_mem (res, &cert, &key);
- _gnutls_strfile_free (&xcert);
- _gnutls_strfile_free (&xkey);
+ free (cert.data);
+ free (key.data);
if (rc < 0)
{