ASA-2019-00158 – GnuTLS: Use-after-free/double-free in certificate verification

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

ASA-2019-00158

Identifier(s)

ASA-2019-00158, CVE-2019-3829, GNUTLS-SA-2019-03-27

Title

Use-after-free/double-free in certificate verification

Vendor(s)

The GnuTLS Project

Product(s)

GnuTLS

Affected version(s)

GnuTLS 3.5.8 or later

Fixed version(s)

GnuTLS 3.6.7

Proof of concept

Yes

Description

A flaw was found in gnutls 3.5.8 or later. A use-after-free in multi-threaded-clients and a double-free vulnerability in single-threaded clients because _gnutls_x509_get_signature does not clear signature->data in the cleanup path.

Technical details

This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely affected and can be compromised by a malicious server or active network attacker.

In multi-threaded-clients this is a use-after-free vulnerability, and a double-free vulnerability in single-threaded clients.

The core bug is that _gnutls_x509_get_signature does not clear signature->data in the cleanup path:

lib/x509/common.c

cleanup:
gnutls_free(signature->data); // <- pointer in datum parameter freed, but not cleared
return result;
}

Callers like check_if_ca assume that if _gnutls_x509_get_signature ever sets that parameter, then it can be safely freed, but that is not true:

lib/x509/verify.c
ret =
_gnutls_x509_get_signature(cert->cert, "signature",
&cert_signature);
if (ret < 0) {
gnutls_assert();
goto fail;
}
// ...
fail:
result = 0;

cleanup:
_gnutls_free_datum(&cert_signed_data);
_gnutls_free_datum(&issuer_signed_data);
_gnutls_free_datum(&cert_signature); // <--- freed again
_gnutls_free_datum(&issuer_signature);
return result;
}

Credits

Tavis Ormandy (Google Project Zero)

Reference(s)

GnuTLS
https://www.gnutls.org/security-new.html#GNUTLS-SA-2019-03-27

SECURITY: CVE-2019-3829: critical use after free vulnerability in verify_crt()
https://gitlab.com/gnutls/gnutls/issues/694

CVE-2019-3829 - Red Hat Customer Portal
https://access.redhat.com/security/cve/CVE-2019-3829

CVE-2019-3829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829

CVE-2019-3829
https://nvd.nist.gov/vuln/detail/CVE-2019-3829

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: March 27, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.