[Bug 1111882] Re: GnuTLS recv error (-9): A TLS packet with unexpected length was received

David Ayers ayers at fsfe.org
Tue Nov 29 22:40:55 UTC 2016 

TJ stated in early 2013:

"Additional research seems to indicate this is a known intentional
gnutls behaviour (that has been modified in very recent gnutls that
makes use of a recent libnettle - as mentioned above). The issue is,
apparently, the random size padding of packets to prevent communications
compromise for stream ciphers.

Unfortunately the changes required are far too invasive for an SRU so
we'll have to make do with a work-around."

Where do these changes need be implemented? In GNUTLS?
Has anyone with sufficient understanding opened an informed report upstream at https://gitlab.com/gnutls/gnutls/issues that could be referenced here?
If not, would someone be willing / capable to do that?

Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1111882

Title:
  GnuTLS recv error (-9): A TLS packet with unexpected length was
  received

Status in apt package in Ubuntu:
  Invalid
Status in curl package in Ubuntu:
  Confirmed
Status in git package in Ubuntu:
  Confirmed
Status in gnutls26 package in Ubuntu:
  Confirmed

Bug description:
  On Precise 12.04 whilst attempting:

  GIT_CURL_VERBOSE=1 git clone -v https://git01.codeplex.com/typescript

  the operation fails after the final git pack-file has been received
  and the already-created repository is deleted from the file system.

  ...
  > POST /typescript/git-upload-pack HTTP/1.1
  User-Agent: git/1.8.1.2.433.g9808ce0.dirty
  Host: git01.codeplex.com
  Accept-Encoding: gzip
  Content-Type: application/x-git-upload-pack-request
  Accept: application/x-git-upload-pack-result
  Content-Length: 611

  * upload completely sent off: 611out of 611 bytes
  < HTTP/1.1 200 OK
  < Cache-Control: no-cache, max-age=0, must-revalidate
  < Pragma: no-cache
  < Content-Type: application/x-git-upload-pack-result
  < Expires: Fri, 01 Jan 1980 00:00:00 GMT
  < Server: Microsoft-IIS/7.5
  < X-Powered-By: ASP.NET
  < Date: Thu, 31 Jan 2013 21:43:55 GMT
  < Connection: close
  < 
  remote: Counting objects: 149766, done.
  remote: Compressing objects: 100% (10580/10580), done.
  * GnuTLS recv error (-9): A TLS packet with unexpected length was received.
  * Closing connection #0
  remote: Total 149766 (delta 138201), reused 149559 (delta 138077)
  Receiving objects: 100% (149766/149766), 198.98 MiB | 361 KiB/s, done.
  error: RPC failed; result=56, HTTP code = 200
  Resolving deltas: 100% (138201/138201), done.

  git exits at this point but it deletes the entire cloned ./typescript
  directory.

  I tried building the latest git binary and included an additional
  debug option in "http.c" that allowed me to set the protocol version
  using an environment option:

  CURLOPT_SSLVERSION=1 git clone ...

  where 1 = TLSv1, 2 = SSLv2, 3 = SSLv3.

  I tried each protocol but the result was the same.

  The knock-on bug here is that git ought not to delete what it has
  fetched - in this case more than 250MB of data.

  I did try to build the latest gnutls but it needs a very recent
  version of libnettle which has the "rsa_decrypt_tr" function. I
  stopped at that point since I don't want to get into dependency and
  library version issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1111882/+subscriptions

More information about the foundations-bugs mailing list