Security Bug due to Unchecked use of GnuTLS function

Yuan Jochen Kang yjk2106 at columbia.edu
Mon Apr 18 19:39:17 EDT 2016


Hi Ethan,

Yes, I agree with your assessment.

Best,
Yuan

On Tue, Apr 12, 2016 at 9:47 AM, Ethan Blanton <elb at pidgin.im> wrote:

> Yuan Jochen Kang spake unto us the following wisdom:
> > We are security researchers at Columbia University and the University of
> > Virginia. As part of a research project, we have built a tool for
> > automatically finding error handling bugs and are testing it on various
> > cryptographic libraries and applications that use them.
> >
> > We discovered that failures of gnutls_x509_crt_init are sometimes ignored,
> > which could make the resulting certificate invalid.
>
> I see two instances of this.  I agree that it is a problem, and needs
> to be fixed.
>
> However, I think (please correct me if I am wrong) that the
> possibility for failure is extremely small (analysis follows), and in
> fact likely to be caught in other ways that mitigate the problem.
> Therefore, I would suggest that we add this fix to our queue of
> security fixes for the next regular release (which I believe is
> currently empty) and perform a coordinated release (with CVE) at that
> time.
>
> I think this is a pretty slim possibility because, after having
> examined the gnutls source, it appears that the function in question
> can fail in only three circumstances:
>
> 1) GnuTLS has not been initialized or is not properly configured.
>    This would have caused a failure somewhere else.  We shouldn't rely
>    on that, but it is certainly a mitigating factor.
>
> 2) A failure to allocate memory.  This is mitigated by the fact that
>    Pidgin aborts on failure to allocate, and so it will almost
>    certainly fail elsewhere in this process and abort before any
>    substantial damage can be done. It's true that this is a race
>    (gnutls potentially uses a different allocator than Pidgin, which
>    uses the glib allocator), so a bug that allowed arbitrary
>    allocation pre-SSL-handshake, for example, could make this gnutls
>    bug much worse; however, I think the window is relatively small and
>    the likelihood of exploiting low.
>
> 3) A failure in the ASN.1 dictionary.  This indicates a
>    misconfiguration/mis-installation/error in GnuTLS itself.  In this
>    case, I doubt we can trust its certificate verification anyway!
>    Even if we can, it's likely to fail somewhere else that is
>    detected.
>
> So, in summary, I completely agree that this is an error that should
> be corrected, but I don't think it's an emergency.  Agreed?
>
> Ethan
>
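
Added example, not part of the original thread and not Pidgin's or the researchers' code: a small Python heuristic that flags calls to gnutls_x509_crt_init whose return value is discarded, the bug class reported above. The C sample and the helper names (strip_comments, find_unchecked) are constructed for illustration.

```python
import re

FUNC = "gnutls_x509_crt_init"  # the function named in the thread
# Constructed sample (not Pidgin's code): one discarded result, one checked.
SAMPLE_C = r'''
static gnutls_x509_crt_t load_unchecked(const gnutls_datum_t *der)
{
    gnutls_x509_crt_t crt;
    gnutls_x509_crt_init(&crt);   /* result discarded */
    gnutls_x509_crt_import(crt, der, GNUTLS_X509_FMT_DER);
    return crt;
}

static gnutls_x509_crt_t load_checked(const gnutls_datum_t *der)
{
    gnutls_x509_crt_t crt;
    if (gnutls_x509_crt_init(&crt) != GNUTLS_E_SUCCESS)
        return NULL;              /* no certificate object: stop here */
    if (gnutls_x509_crt_import(crt, der, GNUTLS_X509_FMT_DER) < 0) {
        gnutls_x509_crt_deinit(crt);
        return NULL;
    }
    return crt;
}
'''

def strip_comments(src):
    """Blank out C comments, keeping newlines so line numbers stay valid."""
    blank = lambda m: re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, src, flags=re.S)

def find_unchecked(src, func=FUNC):
    """Return 1-based line numbers where func's return value is discarded.
    Heuristic: flags a call with nothing (or only a (void) cast) between the
    previous ';', '{' or '}' and the call. Assigned-but-untested is missed."""
    code = strip_comments(src)
    hits = []
    for m in re.finditer(r"\b%s\s*\(" % re.escape(func), code):
        start = max(code.rfind(c, 0, m.start()) for c in ";{}") + 1
        prefix = code[start:m.start()].strip()
        if prefix in ("", "(void)"):
            hits.append(code.count("\n", 0, m.start()) + 1)
    return hits

if __name__ == "__main__":
    for line in find_unchecked(SAMPLE_C):
        print("line %d: return value of %s() is ignored" % (line, FUNC))
```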