GNU bug report logs - #23759
25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist

Previous Next

Package: emacs;

Reported by: flitterio <at> gmail.com (Francis Litterio)

Date: Sun, 12 Jun 2016 21:35:02 UTC

Severity: normal

Tags: security, wontfix

Found in version 25.1.50

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #62 received at 23759 <at> debbugs.gnu.org (full text, mbox):

From: Konstantin Kliakhandler <kosta <at> slumpy.org>
To: Ted Zlatanov <tzz <at> lifelogs.com>,
 Noam Postavsky <npostavs <at> users.sourceforge.net>
Cc: 23759 <at> debbugs.gnu.org
Subject: Re: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed
 gnutls-cli command if trusted cert files don't exist
Date: Fri, 8 Jul 2016 01:40:13 +0300

[Message part 1 (text/plain, inline)]
Hello Ted,

Sorry, I saw the message but didn't get a chance to act on it. Writing a
joking remark on a mobile phone takes much less time and effort...

Anyway,

T> Perhaps there can be a way to say
T> "if this %t is empty, remove the preceding --argument as well"
T>  in the format string? That would simplify the whole thing, like so:

T> "gnutls-cli --x509cafile %T -p %p %h"

T> ...becomes "gnutls-cli -p PORT HOST"
T> when the %T parameter is nil. Just an idea...

I toyed with this idea, and even implemented something of the sort, but
from a bit different different direction - I added another replacement
variable - %c - and made the list tls-program now contain pairs with
(string . value-of-c), e.g. ("gnutls-cli %c %T -p %p %h" . "--x509cafile")
have both %c and %T replaced (together) as appropriate.

The problem with this approach is, what about people who customized this
setting? So, I made it backward compatible with the old standard.
Eventually however, it turned into a an ugly big mess due to the backward
compatability and I decided against submitting.

There is a similar problem of backward compatibility in your approach -
what if someone customized it in such a way that wasn't expecting an
argument to be removed, and it would create a vulnerability in their setup?
I also don't see a simple way to do it nicely, but have no objections on
those grounds, of course.

Finally, I would do the patch but am uncertain whether it would be better
to wait for your results from emacs-devel and remove the ssl3 bit as well
(or just go ahead and do it). Let me know and I'll send the appropriate
patch.

Best,
Kosta

-- 
Konstantin Kliakhandler
    http://slumpy.org
          )°) )°( (°(

On Thu, 7 Jul 2016 at 20:10 Ted Zlatanov <tzz <at> lifelogs.com> wrote:

> Kosta: ping, I noted some minor needed improvements in my last message,
> maybe you missed it... Thanks!
>
> Ted
>

[Message part 2 (text/html, inline)]
This bug report was last modified 6 years and 73 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.