Re: some crashes on using DSA keys
From: Simon Josefsson
Subject: Re: some crashes on using DSA keys
Date: Mon, 20 Apr 2009 21:52:16 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.90 (gnu/linux)

Miroslav Kratochvil <address@hidden> writes:
>> Please see if you can make an unmodified 2.6.5 server crash.
>
> OK, after some amount of effort the server stays impenetrable, so this
> doesn't seem as any source of attacks. (I also tried modified client
> that pushes the bad DSA keys.)
>
> Still, it would be nice if anyone could confirm this with (possibly)
> some more research, as I'm not very skilled at it.

There are certainly double-frees going on in pk-libgcrypt.c, and it
would be useful to see which can be exploited. I'm looking at the code
now.

The minimal way to reproduce it is with:

    gnutls-serv --x509dsakeyfile ssl.key --x509dsacertfile ssl.crt
    gnutls-cli localhost -p 5556

Using the ssl.key/ssl.crt file from your earlier e-mail.

/Simon