RE: Null pointer being passed to gnutls_x509_crt_import in gtls_connect_step3

From: Damian Dixon <damian.dixon_at_envitia.com>
Date: Sun, 20 Apr 2014 08:44:26 +0000

Hi,

If I do the following change:

  if (chainp)
    gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);

I get the following output:

Bit off the front chopped off… same as the previous log.
gnutls[4]: REC[0x1900d50]: Alert[1|112] - The server name sent was not recognized - was received
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_record.c:771
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_record.c:1306
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_buffers.c:1324
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_handshake.c:1412
* gnutls_handshake() warning: The server name sent was not recognized
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_ui.c:496
* common name: WARNING couldn't obtain
* server certificate verification SKIPPED
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/dn.c:310
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/dn.c:420
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/x509.c:507
* error fetching CN from cert:The requested data were not available.
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/dn.c:310
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/dn.c:420
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/x509.c:507
* common name: �� (does not match 'gemini')
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/common.c:781
* server cert expiration date verify failed
* Closing connection 0
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_record.c:342
gnutls[4]: REC[0x1900d50]: Start of epoch cleanup
gnutls[4]: REC[0x1900d50]: End of epoch cleanup
gnutls[4]: REC[0x1900d50]: Epoch #0 freed
gnutls[4]: REC[0x1900d50]: Epoch #1 freed

So no crash.

The certificate has probably not been read… which caused the null-dereference…

As to why the certificate has not been read I don’t know. Probably something to do with the server name? Any hints would be very helpful :>>

Regards
Damian

From: Damian Dixon
Sent: 20 April 2014 08:51
To: 'curl-library_at_cool.haxx.se'
Subject: Null pointer being passed to gnutls_x509_crt_import in gtls_connect_step3

Hi,

I get a null pointer dereference here:

Program received signal SIGSEGV, Segmentation fault.
gnutls_x509_crt_import (cert=0x1ad4590, data=0x0, format=GNUTLS_X509_FMT_DER)
    at /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/x509.c:171
171 _data.data = data->data;

This is called from gtls_connect_step3.

Tracing through, chainp could be null if the certificate USE_TLS_SRP is defined at build time.

gnutls_x509_crt_import(x509_cert, chainp, GNUTLS_X509_FMT_DER);

I have the following set as I know this is a self-signed web-server.

curl_easy_setopt(easy, CURLOPT_SSL_VERIFYPEER, 0 );
curl_easy_setopt(easy, CURLOPT_SSL_VERIFYHOST, 0 );

I don’t know very much about internals of libcurl…

Let me know if you need any additional information.

Thanks
Damian


Versions used:
GNUTLS 3.2.9
Curl 7.37.0
Nettle 2.7

Verbose log:
* Hostname was NOT found in DNS cache
* Trying 192.168.1.127...
* Connected to gemini (192.168.1.127) port 443 (#0)
* found 149 certificates in /etc/pki/tls/certs/ca-bundle.crt
gnutls[4]: REC[0x16e3d50]: Allocating epoch #0
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_constate.c:583
gnutls[4]: REC[0x16e3d50]: Allocating epoch #1
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256 (C0.86)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_GCM_SHA384 (C0.87)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 (C0.72)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 (C0.73)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.8A)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.8B)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA384 (C0.28)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_128_CBC_SHA256 (C0.76)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_CAMELLIA_256_CBC_SHA384 (C0.77)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_AES_256_GCM_SHA384 (00.9D)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_CAMELLIA_128_GCM_SHA256 (C0.7A)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_CAMELLIA_256_GCM_SHA384 (C0.7B)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA256 (00.BA)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA256 (00.C0)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_AES_256_GCM_SHA384 (00.9F)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_GCM_SHA256 (C0.7C)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_GCM_SHA384 (C0.7D)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA256 (00.BE)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA256 (00.C4)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_AES_256_GCM_SHA384 (00.A3)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_GCM_SHA256 (C0.80)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_GCM_SHA384 (C0.81)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA256 (00.BD)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA256 (00.C3)
gnutls[3]: HSK[0x16e3d50]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
gnutls[3]: EXT[0x16e3d50]: Sending extension STATUS REQUEST (5 bytes)
gnutls[3]: EXT[0x16e3d50]: Sending extension SERVER NAME (11 bytes)
gnutls[3]: EXT[0x16e3d50]: Sending extension SAFE RENEGOTIATION (1 bytes)
gnutls[3]: EXT[0x16e3d50]: Sending extension SESSION TICKET (0 bytes)
gnutls[3]: EXT[0x16e3d50]: Sending extension SUPPORTED ECC (12 bytes)
gnutls[3]: EXT[0x16e3d50]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
gnutls[3]: EXT[0x16e3d50]: sent signature algo (4.1) RSA-SHA256
gnutls[3]: EXT[0x16e3d50]: sent signature algo (4.2) DSA-SHA256
gnutls[3]: EXT[0x16e3d50]: sent signature algo (4.3) ECDSA-SHA256
gnutls[3]: EXT[0x16e3d50]: sent signature algo (5.1) RSA-SHA384
gnutls[3]: EXT[0x16e3d50]: sent signature algo (5.3) ECDSA-SHA384
gnutls[3]: EXT[0x16e3d50]: sent signature algo (6.1) RSA-SHA512
gnutls[3]: EXT[0x16e3d50]: sent signature algo (6.3) ECDSA-SHA512
gnutls[3]: EXT[0x16e3d50]: sent signature algo (3.1) RSA-SHA224
gnutls[3]: EXT[0x16e3d50]: sent signature algo (3.2) DSA-SHA224
gnutls[3]: EXT[0x16e3d50]: sent signature algo (3.3) ECDSA-SHA224
gnutls[3]: EXT[0x16e3d50]: sent signature algo (2.1) RSA-SHA1
gnutls[3]: EXT[0x16e3d50]: sent signature algo (2.2) DSA-SHA1
gnutls[3]: EXT[0x16e3d50]: sent signature algo (2.3) ECDSA-SHA1
gnutls[3]: EXT[0x16e3d50]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
gnutls[3]: HSK[0x16e3d50]: CLIENT HELLO was queued [254 bytes]
gnutls[7]: HWRITE: enqueued [CLIENT HELLO] 254. Total 254 bytes.
gnutls[7]: HWRITE FLUSH: 254 bytes in buffer.
gnutls[4]: REC[0x16e3d50]: Preparing Packet Handshake(22) with length: 254 and min pad: 0
gnutls[9]: ENC[0x16e3d50]: cipher: NULL, MAC: MAC-NULL, Epoch: 0
gnutls[7]: WRITE: enqueued 259 bytes for 0xa. Total 259 bytes.
gnutls[4]: REC[0x16e3d50]: Sent Packet[1] Handshake(22) in epoch 0 and length: 259
gnutls[7]: HWRITE: wrote 1 bytes, 0 bytes left.
gnutls[7]: WRITE FLUSH: 259 bytes in buffer.
gnutls[7]: WRITE: wrote 259 bytes, 0 bytes left.
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_buffers.c:1073
gnutls[7]: READ: -1 returned from 0xa, errno=11 gerrno=0
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_buffers.c:518
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_buffers.c:1073
gnutls[7]: READ: Got 5 bytes from 0xa
gnutls[7]: READ: read 5 bytes from 0xa
gnutls[7]: RB: Have 0 bytes into buffer. Adding 5 bytes.
gnutls[7]: RB: Requested 5 bytes
gnutls[4]: REC[0x16e3d50]: SSL 3.3 Alert packet received. Epoch 0, length: 2
gnutls[4]: REC[0x16e3d50]: Expected Packet Handshake(22)
gnutls[4]: REC[0x16e3d50]: Received Packet Alert(21) with length: 2
gnutls[7]: READ: Got 2 bytes from 0xa
gnutls[7]: READ: read 2 bytes from 0xa
gnutls[7]: RB: Have 5 bytes into buffer. Adding 2 bytes.
gnutls[7]: RB: Requested 7 bytes
gnutls[4]: REC[0x16e3d50]: Decrypted Packet[0] Alert(21) with length: 2
gnutls[4]: REC[0x16e3d50]: Alert[1|112] - The server name sent was not recognized - was received
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_record.c:771
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_record.c:1306
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_buffers.c:1324
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_handshake.c:1412
* gnutls_handshake() warning: The server name sent was not recognized
gnutls[2]: ASSERT: /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/gnutls_ui.c:496
* common name: WARNING couldn't obtain
* server certificate verification SKIPPED

Program received signal SIGSEGV, Segmentation fault.
gnutls_x509_crt_import (cert=0x1ad4590, data=0x0, format=GNUTLS_X509_FMT_DER)
    at /home/damian/maplink_8_0/SDK/ThirdParty/gnutls/lib/x509/x509.c:171
171 _data.data = data->data;
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 glibc-2.12-1.132.el6.x86_64 libICE-1.0.6-1.el6.x86_64 libSM-1.2.1-2.el6.x86_64 libX11-1.5.0-4.el6.x86_64 libXau-1.0.6-4.el6.x86_64 libXcursor-1.1.13-6.20130524git8f677eaea.el6.x86_64 libXext-1.3.1-2.el6.x86_64 libXfixes-5.0-3.el6.x86_64 libXft-2.3.1-2.el6.x86_64 libXrender-0.9.7-2.el6.x86_64 libgcc-4.4.7-4.el6.x86_64 libstdc++-4.4.7-4.el6.x86_64 libuuid-2.17.2-12.14.el6.x86_64 libxcb-1.8.1-1.el6.x86_64
(gdb) print data
$1 = (const gnutls_datum_t *) 0x0






Received on 2014-04-20
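
Added example (not part of the original mail and not curl's or GnuTLS's code): a self-contained C model of the caller-side handling discussed above, where a missing peer chain is classified explicitly instead of only skipping the import, so later code never reads CN or expiry fields from an empty certificate. All type and function names here are hypothetical stand-ins, and the DER bytes are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the library types in the trace; not GnuTLS itself. */
typedef struct { const unsigned char *data; unsigned int size; } datum_t;
typedef struct { unsigned char der[256]; unsigned int len; int loaded; } cert_t;
enum peer_result { PEER_OK = 0, PEER_NO_CERT_ALLOWED, PEER_NO_CERT_REJECTED, PEER_BAD_CERT };

/* Models the callee in the backtrace: it reads data->data with no NULL check of its own. */
static int cert_import(cert_t *cert, const datum_t *data)
{
  if(data->size == 0 || data->size > sizeof(cert->der))
    return -1;
  memcpy(cert->der, data->data, data->size);
  cert->len = data->size;
  cert->loaded = 1;
  return 0;
}

/* Caller-side handling of a peer chain that may be absent (NULL or empty).
   'verify' is nonzero when the application asked for peer or host verification. */
enum peer_result import_peer_cert(cert_t *cert, const datum_t *chain,
                                  unsigned int chain_len, int verify)
{
  memset(cert, 0, sizeof(*cert));
  if(chain == NULL || chain_len == 0)
    return verify ? PEER_NO_CERT_REJECTED : PEER_NO_CERT_ALLOWED;
  if(chain[0].data == NULL || cert_import(cert, &chain[0]) != 0)
    return PEER_BAD_CERT;
  return PEER_OK;
}

/* Certificate fields (CN, expiry) may only be read when this returns nonzero. */
int cert_fields_usable(const cert_t *cert, enum peer_result r)
{
  return r == PEER_OK && cert->loaded;
}

/* Constructed sample input: a few placeholder bytes, not a real certificate. */
static const unsigned char demo_der[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
static const datum_t demo_chain[1] = { { demo_der, sizeof(demo_der) } };
static cert_t demo_cert;

int main(void)
{
  enum peer_result r = import_peer_cert(&demo_cert, NULL, 0, 0);
  printf("absent chain: result=%d usable=%d\n", r, cert_fields_usable(&demo_cert, r));
  return 0;
}
```

With the bare `if (chainp)` guard alone, the log above still shows the common-name and expiration checks running against a certificate object that was never filled in; gating those reads on the result code avoids that.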