libcurl3-gnutls application crashes with NULL-pointer deref

Bug #1368099 reported by Roman Fiedler
This bug affects 1 person

Affects                Status  Importance  Assigned to  Milestone
curl (Ubuntu)          New     Undecided   Unassigned
transmission (Ubuntu)  New     Undecided   Unassigned
zabbix (Ubuntu)        New     Undecided   Unassigned

Bug Description

Bug occurs when interacting with some but not all SSL-webservers, so it seems to be triggered by the remote side, crashing a zabbix monitoring system when connecting to a problematic Apache 2.4 server in my case.

Program received signal SIGSEGV, Segmentation fault.
gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0, format=GNUTLS_X509_FMT_DER)
    at x509.c:176
176 x509.c: No such file or directory.
(gdb) bt
#0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
    format=GNUTLS_X509_FMT_DER) at x509.c:176
#1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#2 0xb6ea3209 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#3 0xb6ea3e18 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#4 0xb6e6511c in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#5 0xb6e74328 in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#6 0xb6e87b7a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#7 0xb6e888a0 in curl_multi_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#8 0xb6e7f6fb in curl_easy_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#9 0xb76be6aa in process_httptests ()
#10 0xb76bca56 in main_httppoller_loop ()
#11 0xb76979a9 in MAIN_ZABBIX_ENTRY ()
#12 0xb76ef49b in daemon_start ()
#13 0xb7690abf in main ()

According to [1], calling the function with data=NULL seems forbidden. It seems that [2] is a similar report for curl. The upstream patch seems to be announced in [3] as "gtls: fix NULL pointer dereference", date "Fixed in 7.37.0 - May 21 2014".
Also, the packages in Unicorn should already include the patch, but adding it on Trusty (production) does not seem to be a good idea due to the change in package dependencies.

# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04

# apt-cache policy libcurl3-gnutls
libcurl3-gnutls:
  Installed: 7.35.0-1ubuntu2
  Candidate: 7.35.0-1ubuntu2
  Version table:
 *** 7.35.0-1ubuntu2 0
        500 http://debarchive-ehealth.d03.arc.local/ubuntu/ trusty/main i386 Packages
        100 /var/lib/dpkg/status

[1] http://manned.org/gnutls_x509_crt_import/a0fb5c1f
[2] http://curl.haxx.se/mail/lib-2014-04/0145.html
[3] http://curl.haxx.se/changes.html
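
Crash-triage example for the backtrace above, added here and not part of the original report or of the curl, GnuTLS or Zabbix code: it parses the gdb frames, flags NULL arguments in the faulting frame and names the library that made the call, which is where the missing check belongs. The names `parse_frames` and `triage` are hypothetical; the sample input is an excerpt of the trace quoted in the report.

```python
import re

# Excerpt of the backtrace quoted in the report (frames #2-#6 and #10-#13 left out).
BACKTRACE = """\
#0 gnutls_x509_crt_import (cert=0xb8c9bc30, data=0x0,
    format=GNUTLS_X509_FMT_DER) at x509.c:176
#1 0xb6ea253a in ?? () from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#7 0xb6e888a0 in curl_multi_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#8 0xb6e7f6fb in curl_easy_perform ()
   from /usr/lib/i386-linux-gnu/libcurl-gnutls.so.4
#9 0xb76be6aa in process_httptests ()
"""

# One gdb frame: "#N [0xADDR in ]FUNC (ARGS)[ at FILE:LINE][ from LIBRARY]"
FRAME = re.compile(
    r"#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>\S+) \((?P<args>[^)]*)\)"
    r"(?: at (?P<src>\S+))?(?: from (?P<lib>\S+))?")

def parse_frames(text):
    """Join gdb's wrapped continuation lines, then parse one frame per line."""
    joined = re.sub(r"\n[ \t]+", " ", text)
    frames = []
    for line in joined.splitlines():
        m = FRAME.match(line)
        if not m:
            continue
        f = m.groupdict()
        f["num"] = int(f["num"])
        f["args"] = dict(a.split("=", 1)
                         for a in re.split(r",\s*", f["args"]) if "=" in a)
        frames.append(f)
    return frames

def triage(text):
    """Summarise the faulting frame and attribute the call to a library."""
    frames = parse_frames(text)
    top = frames[0]
    caller = next((f for f in frames[1:] if f["lib"]), None)
    entry = next((f for f in frames[1:] if f["lib"] and f["func"] != "??"), None)
    return {
        "function": top["func"],
        "source": top["src"],
        "null_args": [k for k, v in top["args"].items() if v == "0x0"],
        "caller_lib": caller["lib"].rsplit("/", 1)[-1] if caller else None,
        "api_entry": entry["func"] if entry else None,
    }

if __name__ == "__main__":
    print(triage(BACKTRACE))
```
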

Roman Fiedler (roman-fiedler-deactivatedaccount) wrote :

Seems to be similar to [1], although the cause in [1] to end up at the very same position might be due to another problem also in transmission.

[1] https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/1304004
