git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
lib: fix a segfault in _gnutls13_recv_end_of_early_data
author Xin Long <lucien.xin@gmail.com>
Thu, 1 Feb 2024 21:50:22 +0000 (16:50 -0500)
committer Xin Long <lucien.xin@gmail.com>
Tue, 13 Feb 2024 22:15:45 +0000 (17:15 -0500)
A crash occurs in my app that uses gnutls13 early data, stack trace:

  #0  free (libc.so.6 + 0x97bf0)
  #1  _gnutls_buffer_clear (libgnutls.so.30 + 0x77c8c)
  #2  _gnutls13_recv_end_of_early_data (libgnutls.so.30 + 0xaf308)
  #3  _gnutls13_handshake_server (libgnutls.so.30 + 0x42d6c)
  #4  handshake_server (libgnutls.so.30 + 0x4ff6c)

The root cause is that _gnutls_buffer_clear() was trying to free
'buf' that is not initialized or set if GNUTLS_NO_END_OF_EARLY_DATA
flag is set on server side.

This patch fixes it by simply initializing buf at the beginning of
_gnutls13_recv_end_of_early_data().

Signed-off-by: Xin Long <lucien.xin@gmail.com>
lib/tls13/early_data.c

index 4be998825c1e4c87c965b845798f2fd5d8cb9c4d..55cb91ec851f6351fd978cfb16220eb5e7e1fd1e 100644 (file)
@@ -78,6 +78,8 @@ int _gnutls13_recv_end_of_early_data(gnutls_session_t session)
        int ret;
        gnutls_buffer_st buf;
 
+       _gnutls_buffer_init(&buf);
+
        if (!(session->security_parameters.entity == GNUTLS_SERVER &&
              session->internals.hsk_flags & HSK_EARLY_DATA_ACCEPTED))
                return 0;
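
Review bot: no regression test comes with the added `_gnutls_buffer_init(&buf);`, so the path named in the commit message (a server with GNUTLS_NO_END_OF_EARLY_DATA set and early data accepted) stays unexercised and the uninitialized free could return unnoticed. Please add a test that drives a server handshake with that flag. Two smaller points on the same lines: the `return 0;` directly after the new call now leaves with an initialized `buf` that is never cleared, which is only safe if `_gnutls_buffer_init()` allocates nothing, so confirm that or move the call below the early return. A one-line comment saying that the cleanup path can be reached before `buf` is otherwise set would also keep the call from being dropped as redundant in a later cleanup.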