[gnutls-dev] Re: [Fwd: crash in GNUTLS-1.4.0]

[Simon Josefsson]

With some guess-work, I was able to reproduce the problem, and the
patch is below.  I'm not yet sure what it is that trigger the problem.
If I replace the server key/certificate with another pair, it doesn't
crash, and if I instead replace the CA certificate with another CA
certificate, it doesn't crash either.  So it seems it is a combination
with the particular CA certificate and server key/certificate that you
sent.

I'm going away over the weekend, so if anybody here wants to analyze
this further, that would be appreciated.  Here is the recipe to
reproduce the crash:

$ gnutls-serv --x509keyfile key.pem --x509certfile newcert.pem
...
$ gnutls-cli --x509cafile cacert.pem --port 5556 localhost

I'm labeling this problem as GNUTLS-SA-2006-02 because, under some
unclear situations, it is a remotely triggered crash of clients.

/Simon

Index: gnutls_algorithms.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/gnutls_algorithms.c,v
retrieving revision 2.156
retrieving revision 2.157
diff -u -p -r2.156 -r2.157
--- gnutls_algorithms.c 15 Dec 2005 13:24:29 -0000      2.156
+++ gnutls_algorithms.c 11 Aug 2006 22:40:36 -0000      2.157
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2000, 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006 Free Software Foundation
  *
  * Author: Nikos Mavroyanopoulos
  *
@@ -563,7 +563,7 @@ _gnutls_x509_oid2mac_algorithm (const ch
 {
   gnutls_mac_algorithm_t ret = 0;
 
-  GNUTLS_HASH_LOOP (if (strcmp (oid, p->oid) == 0)
+  GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
                    {
                    ret = p->id; break;}
   );

newcert.pem
Description: Binary data

key.pem
Description: Binary data

cacert.pem
Description: Binary data