starttls-gnutls: Fix crash bug in handling of DH parameter loading

bruceg · bruceg · commit a4b5774d071b · 2018-06-20T20:53:03.000-06:00
The DH parameter data is only stored as a pointer, and so must NOT be
deinitialized before they are used. This would cause random segfaults.
diff --git a/NEWS b/NEWS
@@ -1,3 +1,5 @@
+- Fixed crash bug in STARTTLS handling of loaded DH parameters.
+
 -------------------------------------------------------------------------------
 Changes in version 2.20
 
diff --git a/starttls-gnutls.c b/starttls-gnutls.c
@@ -138,7 +138,7 @@ const response* starttls_init(void)
       return NULL;
     }
     gnutls_certificate_set_dh_params(x509_cred, dh_params);
-    gnutls_dh_params_deinit(dh_params);
+    /* Don't deinit the dh_params, since the above only stores a pointer to the params. */
   }
 
   gnutls_init(&gsession, GNUTLS_SERVER);

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+- Fixed crash bug in STARTTLS handling of loaded DH parameters.`
	`2`	`+`
`1`	`3`	`-------------------------------------------------------------------------------`
`2`	`4`	`Changes in version 2.20`
`3`	`5`
Original file line number	Diff line number	Diff line change
`@@ -138,7 +138,7 @@ const response* starttls_init(void)`
`138`	`138`	`return NULL;`
`139`	`139`	`}`
`140`	`140`	`gnutls_certificate_set_dh_params(x509_cred, dh_params);`
`141`		`- gnutls_dh_params_deinit(dh_params);`
	`141`	`+ /* Don't deinit the dh_params, since the above only stores a pointer to the params. */`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`gnutls_init(&gsession, GNUTLS_SERVER);`