On 2007-02-04 Andreas Metzler <[EMAIL PROTECTED]> wrote: > On 2007-02-03 William Boughton <[EMAIL PROTECTED]> wrote: > > On Sat, Feb 03, 2007 at 10:30:59AM +0100, Andreas Metzler wrote: > [...] > >> What arch are you on? I do not see this on etch/ix86.
> > x86_64 > [...] > > I have been unable to reproduce this on x86_32. It also doesn't > > happen in a x86_32 etch chroot on the same machine amd64(x86_64). > Hello, > I could reproduce this on pergolesi.debian.org's amd64 chroots with > 1.4.4 however there is currently some stuff missing for properly > debugging it. I have emailed debian-admin to get it installed. I have used LD_LIBRARY_PATH as workaround. As you have already noted the trigger is the very last certificate in the file -----BEGIN CERTIFICATE----- <---- note whitespace here! MIIDmTCCAwKgAwIBAgIJAMyJZWWIII1aMA0GCSqGSIb3DQEBBAUAMIGQMQswCQYD [...] The actual crash happens in x509_b64.c:479 _gnutls_fbase64_decode() since it somehow gets passed on the wrong data_size=1475 (instead of the correct data_size=1313). > It seems to be fixed in 1.6.x. [...] This patch in 1.6.x and later versions seems to fix the issue: 2006-06-16 Simon Josefsson <[EMAIL PROTECTED]> * configure.in, lib/Makefile.am, lib/gnutls_x509.c, libextra/gnutls_openpgp.c: Use read_binary_file from gnulib instead of strfile stuff, to fix problem with binary files on mingw. I am not sure about the severity of this bug, whether we should try to squeeze the fix into etch. cu and- fix pulled from cvs attached -reas cvs diff -D 'Jun 16 13:27:36 2006 UTC' -D 'Jun 16 13:33:36 2006 UTC' -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure'
Index: configure.in =================================================================== RCS file: /cvs/gnutls/gnutls/configure.in,v retrieving revision 2.420 retrieving revision 2.421 diff -u -r2.420 -r2.421 --- configure.in 16 Jun 2006 12:16:16 -0000 2.420 +++ configure.in 16 Jun 2006 13:29:35 -0000 2.421 @@ -183,7 +183,7 @@ AC_CHECK_HEADERS(math.h limits.h float.h stdarg.h ctype.h) dnl opencdk AC_CHECK_HEADERS(netdb.h) -AC_CHECK_FUNCS(umask vasprintf isascii mmap gmtime_r,,) +AC_CHECK_FUNCS(umask vasprintf isascii gmtime_r,,) AC_FUNC_ALLOCA AC_MSG_RESULT([*** Index: lib/Makefile.am =================================================================== RCS file: /cvs/gnutls/gnutls/lib/Makefile.am,v retrieving revision 2.181 retrieving revision 2.182 diff -u -r2.181 -r2.182 --- lib/Makefile.am 15 Jun 2006 16:02:11 -0000 2.181 +++ lib/Makefile.am 16 Jun 2006 13:29:36 -0000 2.182 @@ -84,9 +84,9 @@ gnutls_extensions.h gnutls_buffer.h gnutls_auth_int.h \ x509_b64.h gnutls_v2_compat.h gnutls_datum.h auth_cert.h \ gnutls_mpi.h gnutls_pk.h gnutls_record.h gnutls_cert.h \ - gnutls_constate.h gnutls_global.h strfile.h gnutls_sig.h \ - gnutls_mem.h io_debug.h ext_max_record.h gnutls_session_pack.h \ - gnutls_str.h gnutls_state.h gnutls_x509.h ext_cert_type.h \ + gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h \ + io_debug.h ext_max_record.h gnutls_session_pack.h gnutls_str.h \ + gnutls_state.h gnutls_x509.h ext_cert_type.h \ gnutls_rsa_export.h ext_server_name.h auth_dh_common.h \ ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \ gnutls_helper.h auth_psk.h auth_psk_passwd.h \ Index: lib/gnutls_x509.c =================================================================== RCS file: /cvs/gnutls/gnutls/lib/gnutls_x509.c,v retrieving revision 2.174 retrieving revision 2.175 diff -u -r2.174 -r2.175 --- lib/gnutls_x509.c 18 Mar 2006 12:49:09 -0000 2.174 +++ lib/gnutls_x509.c 16 Jun 2006 13:29:36 -0000 2.175 
@@ -48,6 +48,7 @@ #include "x509/mpi.h" #include "x509/pkcs7.h" #include "x509/privkey.h" +#include "read-file.h" /* * some x509 certificate parsing functions. 
@@ -737,126 +738,6 @@ return 0; } -/* Opens a file reads its contents and stores it - * in allocated memory, which is returned. - */ -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <errno.h> - -#ifdef HAVE_MMAP -# include <unistd.h> -# include <sys/mman.h> -# ifndef MAP_FAILED -# define MAP_FAILED (void *)-1L -# endif -#endif - -#include <strfile.h> - -void -_gnutls_strfile_free (strfile * x) -{ -#ifdef HAVE_MMAP - if (x->mmaped) - { - munmap (x->data, x->size); - return; - } -#endif - - gnutls_free (x->data); - x->data = NULL; -} - -strfile -_gnutls_file_to_str (const char *file) -{ - int fd1 = -1; - struct stat stat_st; - size_t tot_size; - size_t left; - opaque *tmp; - ssize_t i = 0; - strfile null = { NULL, 0, 0 }; - strfile ret = { NULL, 0, 0 }; - - fd1 = open (file, 0); - if (fd1 == -1) - { - gnutls_assert (); - return null; - } - - if (fstat (fd1, &stat_st) == -1) - { - gnutls_assert (); - goto error; - } - - tot_size = stat_st.st_size; - if (tot_size == 0) - { - gnutls_assert (); - goto error; - } -#ifdef HAVE_MMAP - if ((tmp = - mmap (NULL, tot_size, PROT_READ, MAP_SHARED, fd1, 0)) != MAP_FAILED) - { - ret.mmaped = 1; - ret.data = tmp; - ret.size = tot_size; - - close (fd1); - return ret; - } -#endif - - ret.data = gnutls_malloc (tot_size); - if (ret.data == NULL) - { - gnutls_assert (); - goto error; - } - - left = tot_size; - while (left > 0) - { - i = read (fd1, &ret.data[tot_size - left], left); - if (i == -1) - { - if (errno == EAGAIN || errno == EINTR) - continue; - else - { - gnutls_assert (); - goto error; - } - } - else if (i == 0) - break; - - left -= i; - } - - ret.size = tot_size - left; - - ret.mmaped = 0; - - close (fd1); - - return ret; - -error: - - if (!ret.mmaped) - gnutls_free (ret.data); - close (fd1); - return null; -} - /* Reads a certificate file */ static int 
@@ -864,17 +745,17 @@ const char *certfile, gnutls_x509_crt_fmt_t type) { int ret; - strfile x; + size_t size; + char *data = read_binary_file (certfile, &size); - x = _gnutls_file_to_str (certfile); - if (x.data == NULL) + if (data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } - ret = read_cert_mem (res, x.data, x.size, type); - _gnutls_strfile_free (&x); + ret = read_cert_mem (res, data, size, type); + free (data); return ret; @@ -890,17 +771,17 @@ const char *keyfile, gnutls_x509_crt_fmt_t type) { int ret; - strfile x; + size_t size; + char *data = read_binary_file (keyfile, &size); - x = _gnutls_file_to_str (keyfile); - if (x.data == NULL) + if (data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } - ret = read_key_mem (res, x.data, x.size, type); - _gnutls_strfile_free (&x); + ret = read_key_mem (res, data, size, type); + free (data); return ret; } @@ -1482,10 +1363,10 @@ gnutls_x509_crt_fmt_t type) { int ret, ret2; - strfile x; + size_t size; + char *data = read_binary_file (cafile, &size); - x = _gnutls_file_to_str (cafile); - if (x.data == NULL) + if (data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; @@ -1493,12 +1374,12 @@ if (type == GNUTLS_X509_FMT_DER) ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, - x.data, x.size); + data, size); else ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, - x.data, x.size); + data, size); - _gnutls_strfile_free (&x); + free (data); if (ret < 0) { @@ -1776,10 +1657,10 @@ gnutls_x509_crt_fmt_t type) { int ret; - strfile x; + size_t size; + char *data = read_binary_file (crlfile, &size); - x = _gnutls_file_to_str (crlfile); - if (x.data == NULL) + if (data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; 
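Review bot: An empty certificate file is no longer rejected at the file layer in the `@@ -864,17 +745,17 @@` hunk: the removed `_gnutls_file_to_str` returned a null result when `st_size` was 0, whereas the new code only tests `data == NULL`, and `read_binary_file` presumably returns a valid zero-length buffer for an empty file (gnulib's implementation does; it is not shown here). `read_cert_mem` would then be called with `size == 0`, so either keep the old contract with `if (data == NULL || size == 0)` (adding `free (data);` before the return) or confirm that the PEM and DER parsers reject a zero length cleanly. The key, CA, CRL, PKCS#12 and OpenPGP call sites changed in the later hunks are affected in the same way. The enclosing function starts and ends outside the hunk.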
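Review bot: The private key file contents are released with a plain `free (data)` in the `@@ -890,17 +771,17 @@` hunk, so the key material stays readable in freed heap memory after `read_key_mem` returns. The removed code did not wipe it either, but the buffer is now always an ordinary heap block that the allocator will recycle, where before it could be a mapping that was unmapped; I would overwrite `size` bytes of `data` with a wipe the compiler cannot optimise away before freeing it. `read_binary_file` is not shown here; if it grows its buffer by reallocating, earlier partial copies of the key may also be left behind, which would argue for a dedicated reader for key files. The PKCS#12 and OpenPGP key buffers in the later hunks are in the same position, and the function's signature begins outside this hunk.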
@@ -1787,12 +1668,12 @@ if (type == GNUTLS_X509_FMT_DER) ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls, - x.data, x.size); + data, size); else ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls, - x.data, x.size); + data, size); - _gnutls_strfile_free (&x); + free (data); if (ret < 0) { @@ -2000,7 +1881,6 @@ gnutls_x509_crt_t cert = NULL; gnutls_x509_crl_t crl = NULL; int ret; - strfile x; ret = gnutls_pkcs12_init (&p12); if (ret < 0) @@ -2009,19 +1889,16 @@ return ret; } - x = _gnutls_file_to_str (pkcs12file); - if (x.data == NULL) + p12blob.data = read_binary_file (pkcs12file, &p12blob.size); + if (p12blob.data == NULL) { gnutls_assert (); gnutls_pkcs12_deinit (p12); return GNUTLS_E_FILE_ERROR; } - p12blob.data = x.data; - p12blob.size = x.size; - ret = gnutls_pkcs12_import (p12, &p12blob, type, 0); - _gnutls_strfile_free (&x); + free (p12blob.data); if (ret < 0) { gnutls_assert (); Index: lib/strfile.h =================================================================== RCS file: lib/strfile.h diff -N lib/strfile.h --- lib/strfile.h 7 Nov 2005 23:27:59 -0000 2.6 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
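Review bot: `read_binary_file (pkcs12file, &p12blob.size)` in the `@@ -2009,19 +1889,16 @@` hunk passes the address of the datum's size field, where every other call site in this patch passes the address of a `size_t`. If `p12blob` is a `gnutls_datum_t` whose `size` is `unsigned int` (as in the public gnutls header; the declaration is outside this hunk), that is an incompatible pointer, and on LP64 targets such as amd64 the callee stores 8 bytes through a pointer to a 4-byte field. Read into a local instead: `size_t size;`, `p12blob.data = read_binary_file (pkcs12file, &size);`, then `p12blob.size = size;` after checking that the value fits. The `@@ -737,31 +736,25 @@` hunk in libextra/gnutls_openpgp.c has the same pattern with `&cert.size` and `&key.size`, and in both places the assignment to `.data` converts the returned `char *` to the datum's byte pointer without a cast. The enclosing function starts and ends outside the hunk.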
@@ -1,33 +0,0 @@ -/* - * Copyright (C) 2000, 2001, 2003, 2004, 2005 Free Software Foundation - * - * Author: Nikos Mavroyanopoulos - * - * This file is part of GNUTLS. - * - * The GNUTLS library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public License - * as published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, - * USA - * - */ - -typedef struct -{ - opaque *data; - size_t size; - int mmaped; -} strfile; - -void _gnutls_strfile_free (strfile * x); -strfile _gnutls_file_to_str (const char *file); Index: libextra/gnutls_openpgp.c =================================================================== RCS file: /cvs/gnutls/gnutls/libextra/gnutls_openpgp.c,v retrieving revision 1.103 retrieving revision 1.104 diff -u -r1.103 -r1.104 --- libextra/gnutls_openpgp.c 9 Dec 2005 11:22:14 -0000 1.103 +++ libextra/gnutls_openpgp.c 16 Jun 2006 13:29:36 -0000 1.104 @@ -29,7 +29,7 @@ #include "gnutls_datum.h" #include "gnutls_global.h" #include <openpgp/gnutls_openpgp.h> -#include <strfile.h> +#include "read-file.h" #include <gnutls_str.h> #include <stdio.h> #include <gcrypt.h> @@ -723,7 +723,6 @@ struct stat statbuf; int rc = 0; gnutls_datum_t key, cert; - strfile xcert, xkey; if (!res || !keyfile || !certfile) { 
@@ -737,31 +736,25 @@ return GNUTLS_E_FILE_ERROR; } - xcert = _gnutls_file_to_str (certfile); - if (xcert.data == NULL) + cert.data = read_binary_file (certfile, &cert.size); + if (cert.data == NULL) { gnutls_assert (); return GNUTLS_E_FILE_ERROR; } - xkey = _gnutls_file_to_str (keyfile); - if (xkey.data == NULL) + key.data = read_binary_file (keyfile, &key.size); + if (key.data == NULL) { gnutls_assert (); - _gnutls_strfile_free (&xcert); + free (cert.data); return GNUTLS_E_FILE_ERROR; } - key.data = xkey.data; - key.size = xkey.size; - - cert.data = xcert.data; - cert.size = xcert.size; - rc = gnutls_certificate_set_openpgp_key_mem (res, &cert, &key); - _gnutls_strfile_free (&xcert); - _gnutls_strfile_free (&xkey); + free (cert.data); + free (key.data); if (rc < 0) {