
Re: GnuTLS considered harmful

Simon Josefsson wrote:
> Howard Chu <hyc@symas.com> writes:
>> I strongly recommend that GnuTLS not be used. All of its APIs would
>> need to be overhauled to correct its flaws and it's clear that the
>> developers there are too naive and inexperienced to even understand
>> that it's broken.
>
> I looked at the X.509 APIs (x509.h) and I couldn't find any other that didn't take buffer length arguments. I didn't look carefully though.
>
> There is 1 (one) use of 'strcat' in the X.509 code, and it looks correct
> to me.  There were 20 uses of 'strlen' in the X.509 code, and I went over
> the first matches but when they looked correct I didn't look further.
> (For reference, the X.509 code size is around 21000 lines of code.)
>
> If you can give more details, that would be appreciated.

And while we're at it, x509/x509.c uses memmem() which on my system says: man memmem:

       This function is a GNU extension.

This function was broken in Linux libraries up to and including libc 5.0.9; there the
`needle' and `haystack' arguments were interchanged, and a pointer to the end of the first
occurrence of needle was returned. Since libc 5.0.9 is still widely used, this is a
dangerous function to use.
Both old and new libc's have the bug that if needle is empty haystack-1 (instead of
haystack) is returned. And glibc 2.0 makes it worse, and returns a pointer to the last
byte of `haystack'. This is fixed in glibc 2.1.

While I would expect that most Linux sites are running something newer than glibc 2.1 these days, it's still a poor choice to use a GNU-specific library function in portable code. Not all the world runs Linux. I've been involved with the FSF since 1988 and I still have to accept the fact that the GNU way isn't the only way.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
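
A portable fallback for the memmem() concern raised in this message, as an added example that is not part of the original post or of GnuTLS or OpenLDAP code: it uses only ISO C memchr/memcmp, takes explicit lengths, and defines the empty-needle case as returning the start of haystack. The name portable_memmem and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical name: portable_memmem is not a GnuTLS, OpenLDAP or libc symbol.
 * Returns the first occurrence of needle[0..nlen) in hay[0..hlen), or NULL.
 * Relies only on ISO C memchr/memcmp, not on the GNU extension. */
static void *portable_memmem(const void *hay, size_t hlen,
                             const void *needle, size_t nlen)
{
    const unsigned char *h = hay;
    const unsigned char *n = needle;

    if (nlen == 0)
        return (void *)h;   /* empty needle matches at the start, never hay-1 */
    if (h == NULL || n == NULL || hlen < nlen)
        return NULL;        /* needle cannot fit, so never read past the end */

    /* Last position at which a full match can still begin. */
    const unsigned char *last = h + (hlen - nlen);
    while (h <= last) {
        /* Skip to the next candidate first byte inside the valid window. */
        h = memchr(h, n[0], (size_t)(last - h) + 1);
        if (h == NULL)
            return NULL;
        if (memcmp(h, n, nlen) == 0)
            return (void *)h;
        h++;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample bytes, not taken from any real certificate. */
    const unsigned char buf[] = {0x30, 0x82, 0x00, 0x55, 0x1d, 0x11, 0x00, 0x55};
    const unsigned char pat[] = {0x55, 0x1d, 0x11};
    const unsigned char *hit = portable_memmem(buf, sizeof buf, pat, sizeof pat);

    if (hit != NULL)
        printf("match at offset %ld\n", (long)(hit - buf));
    else
        printf("no match\n");
    return 0;
}
```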