Headline
CVE-2021-4209: Null pointer dereference in MD_UPDATE (#1306) · Issues · gnutls / GnuTLS · GitLab
A NULL pointer dereference flaw was found in GnuTLS. As Nettle’s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.
Description of problem:
Using gnutls with guile disabled, null pointer may passed to memcpy as argument 2, causing null pointer dereference.
How to reproduce:
You can easily reproduce this issue:
Build gnutls with UBSan:
CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" ./bootstrap CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" ./configure --disable-guile --disable-doc CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" make
Run server:
./gnutls/src/.libs/gnutls-serv -p 7834 -d 9999
Run client:
$ UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="…/…/lib/.libs:/usr/lib64" ./gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK
Then the program will crash with the following log:
Processed 128 CA certificate(s).
Resolving 'localhost:7834'...
Connecting to '127.0.0.1:7834'...
sha256.c:100:3: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x7f9a7c53f146 in nettle_sha256_update /root/projects/bleem/nettle-3.6/sha256.c:100:3
#1 0x7f9a7d935f7d in wrap_nettle_hash_fast /root/projects/bleem/gnutls/lib/nettle/mac.c:791:2
#2 0x7f9a7d2bc1fd in _gnutls_hash_fast /root/projects/bleem/gnutls/lib/hash_int.c:141:8
#3 0x7f9a7d3b8faa in gnutls_hash_fast /root/projects/bleem/gnutls/lib/crypto-api.c:690:9
#4 0x7f9a7d455ee2 in _tls13_derive_secret2 /root/projects/bleem/gnutls/lib/secrets.c:98:8
#5 0x7f9a7d7ed3d0 in compute_binder_key /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:86:8
#6 0x7f9a7d7ebec1 in compute_psk_binder /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:170:8
#7 0x7f9a7d7f18af in client_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:486:9
#8 0x7f9a7d7e4820 in _gnutls_psk_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:797:10
#9 0x7f9a7d2df26b in hello_ext_send /root/projects/bleem/gnutls/lib/hello_ext.c:369:8
#10 0x7f9a7d45aa69 in _gnutls_extv_append /root/projects/bleem/gnutls/lib/extv.c:218:8
#11 0x7f9a7d2dd41a in _gnutls_gen_hello_extensions /root/projects/bleem/gnutls/lib/hello_ext.c:437:9
#12 0x7f9a7d261e96 in send_client_hello /root/projects/bleem/gnutls/lib/handshake.c:2342:8
#13 0x7f9a7d23c6db in handshake_client /root/projects/bleem/gnutls/lib/handshake.c:3043:9
#14 0x7f9a7d23b47f in gnutls_handshake /root/projects/bleem/gnutls/lib/handshake.c:2873:10
#15 0x4df28d in do_handshake /root/projects/bleem/gnutls/src/cli.c:1837:9
#16 0x4ff797 in socket_open2 /root/projects/bleem/gnutls/src/socket.c:602:10
#17 0x4d3f43 in main /root/projects/bleem/gnutls/src/cli.c:1363:2
#18 0x7f9a7ca310b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#19 0x42127d in _start (/root/projects/bleem/gnutls/src/.libs/gnutls-cli+0x42127d)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:100:3 in
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
Here is the debug information:
$ UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="./gnutls/lib/.libs:/usr/lib64" gdb --args ./gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 127.0.0.1
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./gnutls-cli...
(gdb) b /root/projects/bleem/nettle-3.6/sha256.c:100
No source file named /root/projects/bleem/nettle-3.6/sha256.c.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (/root/projects/bleem/nettle-3.6/sha256.c:100) pending.
(gdb) r
Starting program: /root/projects/bleem/gnutls/src/.libs/gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 127.0.0.1
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Processed 128 CA certificate(s).
Resolving 'localhost:7834'...
Connecting to '127.0.0.1:7834'...
Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5620, length=64,
data=0x7fffffff52a0 '\\' <repeats 64 times>, "\301\315\001\202\214q\250") at sha256.c:100
100 sha256.c
(gdb) c
Continuing.
Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5690, length=64,
data=0x7fffffff52a0 '6' <repeats 64 times>, "\301\315\001\202\214q\250") at sha256.c:100
100 in sha256.c
(gdb)
Continuing.
Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5700, length=20, data=0x603000029830 "\210\363\202K>VY\365-")
at sha256.c:100
100 in sha256.c
(gdb)
Continuing.
Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5700, length=32,
data=0x7fffffff53c0 "\224(\204\365\362W\002\331\327+\200\250\257\234\017\256m8(q5\267\200x\236\332<\023\004\305\067X") at sha256.c:100
100 in sha256.c
(gdb)
Continuing.
Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff6720, length=0, data=0x0) at sha256.c:100
100 in sha256.c
(gdb)
Continuing.
sha256.c:100:3: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
[Detaching after fork from child process 3176009]
#0 0x7ffff6799146 in nettle_sha256_update /root/projects/bleem/nettle-3.6/sha256.c:100:3
#1 0x7ffff7b8ff7d in wrap_nettle_hash_fast /root/projects/bleem/gnutls/lib/nettle/mac.c:791:2
#2 0x7ffff75161fd in _gnutls_hash_fast /root/projects/bleem/gnutls/lib/hash_int.c:141:8
#3 0x7ffff7612faa in gnutls_hash_fast /root/projects/bleem/gnutls/lib/crypto-api.c:690:9
#4 0x7ffff76afee2 in _tls13_derive_secret2 /root/projects/bleem/gnutls/lib/secrets.c:98:8
#5 0x7ffff7a473d0 in compute_binder_key /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:86:8
#6 0x7ffff7a45ec1 in compute_psk_binder /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:170:8
#7 0x7ffff7a4b8af in client_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:486:9
#8 0x7ffff7a3e820 in _gnutls_psk_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:797:10
#9 0x7ffff753926b in hello_ext_send /root/projects/bleem/gnutls/lib/hello_ext.c:369:8
#10 0x7ffff76b4a69 in _gnutls_extv_append /root/projects/bleem/gnutls/lib/extv.c:218:8
#11 0x7ffff753741a in _gnutls_gen_hello_extensions /root/projects/bleem/gnutls/lib/hello_ext.c:437:9
#12 0x7ffff74bbe96 in send_client_hello /root/projects/bleem/gnutls/lib/handshake.c:2342:8
#13 0x7ffff74966db in handshake_client /root/projects/bleem/gnutls/lib/handshake.c:3043:9
#14 0x7ffff749547f in gnutls_handshake /root/projects/bleem/gnutls/lib/handshake.c:2873:10
#15 0x4df28d in do_handshake /root/projects/bleem/gnutls/src/cli.c:1837:9
#16 0x4ff797 in socket_open2 /root/projects/bleem/gnutls/src/socket.c:602:10
#17 0x4d3f43 in main /root/projects/bleem/gnutls/src/cli.c:1363:2
#18 0x7ffff6c8b0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
#19 0x42127d in _start (/root/projects/bleem/gnutls/src/.libs/gnutls-cli+0x42127d)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:100:3 in
Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5240, length=64,
data=0x7fffffff4ec0 "\310:\216\341j\177\224\020ݚqs\225\372\tV\230\357\242$*\271\003\026\\\234nȓ\343]\231", '\\' <repeats 32 times>, "\001") at sha256.c:100
100 in sha256.c
Related news
Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. […]
Ubuntu Security Notice 5750-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service.
Ubuntu Security Notice 5550-1 - It was discovered that GnuTLS incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that GnuTLS incorrectly handled the verification of certain pkcs7 signatures. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code.