Re: Potential double free in asn1_delete_structure2

From: Nikos Mavrogiannopoulos
Subject: Re: Potential double free in asn1_delete_structure2
Date: Wed, 29 Mar 2017 18:27:17 +0200

On Wed, 2017-03-29 at 09:42 -0500, Brandon Perry wrote:
> > On Mar 29, 2017, at 9:35 AM, Nikos Mavrogiannopoulos <n.mavrogianno
> > address@hidden> wrote:
> > 
> > Could you please provide a reproducer? The easiest way to create one
> > would be to follow the decoding-invalid-pkcs7 lines in tests/
> Let me see what I can do. It is easy to reproduce with FreeTDS, though.
> Compile FreeTDS ( and preeny (https://
> You then use preeny to force the FreeTDS binary tsql to read data from
> stdin instead of network IO.
> export LD_PRELOAD=~/preeny/x86_64-linux-gnu/
> ~/tsql  -S -U fdsa -P fdsa < file_to_repro_crash
> Perhaps you could compile FreeTDS with a debug copy of GnuTLS/libtasn1
> to make it easier to track down? I can also work on a reproducible test
> case in the meantime, but I am not sure at all how long this could take.

I'd really prefer a reproducer for libtasn1 proper. There can be other
factors that lead to a double free, and a simple reproducer will make sure
that the error is pinpointed to libtasn1.

> Do you want the file that reproduces the crash to be sent here on the
> list or separately?

The list is fine.

> > >   None                      @ 0x00007ffff512e22a: in /usr/lib/x86_64-linux-gnu/
> > >   asn1_delete_structure2    @ 0x00007ffff512f418: in /usr/lib/x86_64-linux-gnu/
> > >   None                      @ 0x00007ffff720e27c: in /usr/lib/x86_64-linux-gnu/

As far as I understand that's a crash on the deinitialization of
gnutls. That's pretty weird. Have you checked with valgrind or asan
that there is no memory corruption involved somewhere?

