Public bug reported:

Bug occurs when interacting with some but not all SSL-webservers, so it
seems to be triggered by the remote side, crashing a zabbix monitoring
system when connecting to a problematic Apache 2.4 server in my case.

Program received signal SIGSEGV, Segmentation fault.
gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER)
    at x509.c:176
176 x509.c: No such file or directory.
(gdb) bt
#0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
    format=GNUTLS_X509_FMT_DER) at x509.c:176
#1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#7 0xb6e888a0 in curl_multi_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#8 0xb6e7f6fb in curl_easy_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#9 0xb76be6aa in process_httptests ()
#10 0xb76bca56 in main_httppoller_loop ()
#11 0xb76979a9 in MAIN_ZABBIX_ENTRY ()
#12 0xb76ef49b in daemon_start ()
#13 0xb7690abf in main ()

According to [1], calling the function with data=NULL seems forbidden. It
seems that [2] is a similar report for curl. The upstream patch seems to be
announced in [3] as "gtls: fix NULL pointer dereference", date "Fixed in 7.37.0
- May 21 2014".
Also, the packages in Unicorn should already include the patch, but adding it on
Trusty (production) does not seem a good idea due to the change in package dependencies.

# lsb_release -rd
Description:    Ubuntu 14.04.1 LTS
Release:        14.04

# apt-cache policy libcurl3-gnutls
libcurl3-gnutls:
  Installed: 7.35.0-1ubuntu2
  Candidate: 7.35.0-1ubuntu2
  Version table:
 *** 7.35.0-1ubuntu2 0
        500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages
        100 /var/lib/dpkg/status

[1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f
[2] http://curl.haxx.se/mail/lib-2014-04/0145.html
[3] http://curl.haxx.se/changes.html

** Affects: curl (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: transmission (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: zabbix (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to transmission in Ubuntu.
https://bugs.launchpad.net/bugs/1368099

Title:
  libcurl3-gnutls application crashes with NULL-pointer deref

Status in “curl” package in Ubuntu:
  New
Status in “transmission” package in Ubuntu:
  New
Status in “zabbix” package in Ubuntu:
  New
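
A triage sketch for the backtrace in this report, added here as an example and not part of the original bug report or of any affected project's code: it parses gdb `bt` output, flags arguments that are NULL in the crashing frame, and names the library whose frames lack symbols. The helper names `parse_frames` and `triage` are hypothetical; the sample input is an excerpt of the backtrace quoted in the report.

```python
import re

# Excerpt of the gdb backtrace from the report above (some frames omitted).
SAMPLE_BT = """\
#0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
    format=GNUTLS_X509_FMT_DER) at x509.c:176
#1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#7 0xb6e888a0 in curl_multi_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#8 0xb6e7f6fb in curl_easy_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#9 0xb76be6aa in process_httptests ()
"""

FRAME_RE = re.compile(
    r"#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>[^)]*)\)"
    r"(?: at (?P<src>\S+))?(?: from (?P<lib>\S+))?")

def parse_frames(bt):
    """Join gdb continuation lines, then parse each '#N ...' frame (hypothetical helper)."""
    joined = re.sub(r"\n[ \t]+", " ", bt.strip())
    frames = []
    for line in joined.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        frame = m.groupdict()
        frame["num"] = int(frame["num"])
        pairs = (a.split("=", 1) for a in re.split(r",\s*", frame["args"]) if "=" in a)
        frame["args"] = dict(pairs)
        frames.append(frame)
    return frames

def triage(bt):
    """Summarise the crash: faulting call, NULL arguments, unsymbolised caller."""
    frames = parse_frames(bt)
    top = frames[0]
    null_args = [k for k, v in top["args"].items() if re.fullmatch(r"0x0+", v)]
    unresolved = next((f for f in frames[1:] if f["func"] == "??"), None)
    curl_api = [f["func"] for f in frames if f["func"].startswith("curl_")]
    return {
        "crash_function": top["func"],
        "source": top["src"],
        "null_args": null_args,
        # Library whose frames gdb could not name; install its debug symbols
        "caller_needs_symbols": unresolved["lib"] if unresolved else None,
        # Outermost libcurl call, i.e. the API the application invoked
        "api_entry": curl_api[-1] if curl_api else None,
    }
```

Calling `triage(SAMPLE_BT)` returns a dictionary that can be attached to a crash ticket or used to group reports that share the same faulting call and NULL argument.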
