If this were a library used in a game or a bug in a screensaver I could see letting a formatting error in a string crash abort any program using the library sit for a year. I'm staggered really to experience this for a package as widely touted as gnutls, contending to be a replacement for openssl, and especially in a business supporting group like ubuntu that aims for site installs.
I think this 11-month 'maintainers have higher priorities' event is a strong sign gnutls just is so not ready for mission critical deployment that whatever priority it may have on launchpad--- in the maintainers minds this is a 'might fix, won't deploy'. I've compiled it against openssl, and it's solid. Though I've stuck with ubuntu for many years now I have to agree with the sentiment upstream: this is a confidence buster. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1103353 Title: Invalid GnuTLS cipher suite strings causes libldap to crash Status in openldap package in Ubuntu: Triaged Status in openldap package in Debian: Fix Released Bug description: If the cipher suite string is unacceptable to GnuTLS, libldap_r-2.4 crashes due to a double free. GnuTLS is extremely picky about the cipher suite strings it accepts; as a first measure, try LDAP cipher suite string "SECURE256" or "NORMAL". If that stops the crash, then you have encountered this bug. Typically, the crash report begins with something like *** glibc detected *** APPLICATION: double free or corruption (!prev) /lib/x86_64-linux-gnu/libc.so.6(+0x7eb96)[0x7fc68cff0b96] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x38769)[0x7fc68bb13769] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x3570e)[0x7fc68bb1070e] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(ldap_pvt_tls_init_def_ctx+0x1d)[0x7fc68bb108ed] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x35965)[0x7fc68bb10965] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(+0x35a6d)[0x7fc68bb10a6d] /usr/lib/x86_64-linux-gnu/libldap_r-2.4.so.2(ldap_int_tls_start+0x5d)[0x7fc68bb1149d] The actual double free happens in openldap/libraries/libldap/tls2.c:ldap_int_tls_init_ctx(), in the ldap_pvt_tls_ctx_free(lo->ldo_tls_ctx); call in the error_exit: path. The root cause of the double free is lack of GnuTLS return value checks when calling gnutls_priority*() functions. The code simply assumes they succeed, and when GnuTLS fails to provide a valid context due to those failures, ldap_int_tls_init_ctx() tries to free the never-fully-initialized context. A simple fix is to create GnuTLS security contexts using the configured cipher suite string, instead of "NORMAL" as openldap/libraries/libldap/tls_g.c now does. If the cipher suite string is invalid, then do not create the context at all. This is caught earlier in ldap_int_tls_init_ctx(), and avoids the crash. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp