Security Bug due to Unchecked use of GnuTLS function

Ethan Blanton elb at pidgin.im
Tue Apr 12 09:47:56 EDT 2016


Yuan Jochen Kang spake unto us the following wisdom:
> We are security researchers at Columbia University and the University of
> Virginia. As part of a research project, we have built a tool for
> automatically finding error handling bugs and are testing it on various
> cryptographic libraries and applications that use them.
> 
> We discovered that failures of gnutls_x509_crt_init are sometimes ignored,
> which could make the resulting certificate invalid.

I see two instances of this.  I agree that it is a problem, and needs
to be fixed.

However, I think (please correct me if I am wrong) that the
possibility for failure is extremely small (analysis follows), and in
fact likely to be caught in other ways that mitigate the problem.
Therefore, I would suggest that we add this fix to our queue of
security fixes for the next regular release (which I believe is
currently empty) and perform a coordinated release (with CVE) at that
time.

I think this is a pretty slim possibility because, after having
examined the gnutls source, it appears that the function in question
can fail in only three circumstances:

1) GnuTLS has not been initialized or is not properly configured.
   This would have caused a failure somewhere else.  We shouldn't rely
   on that, but it is certainly a mitigating factor.

2) A failure to allocate memory.  This is mitigated by the fact that
   Pidgin aborts on failure to allocate, and so it will almost
   certainly fail elsewhere in this process and abort before any
   substantial damage can be done. It's true that this is a race
   (gnutls potentially uses a different allocator than Pidgin, which
   uses the glib allocator), so a bug that allowed arbitrary
   allocation pre-SSL-handshake, for example, could make this gnutls
   bug much worse; however, I think the window is relatively small and
   the likelihood of exploiting low.

3) A failure in the ASN.1 dictionary.  This indicates a
   misconfiguration/mis-installation/error in GnuTLS itself.  In this
   case, I doubt we can trust its certificate verification anyway!
   Even if we can, it's likely to fail somewhere else that is
   detected.

So, in summary, I completely agree that this is an error that should
be corrected, but I don't think it's an emergency.  Agreed?

Ethan


More information about the security mailing list