Memory leak when using aead AES-CCM
Description of problem:
I've noticed this bug through using Samba, which has been reported over here: https://bugzilla.samba.org/show_bug.cgi?id=14399
Apparently, there's a memory leak in gnutls's AEAD AES-CCM (not GCM)
gnutls_aead_cipher_decryptv2 when using CCM in SMB.
Version of gnutls used:
Steps to Reproduce:
- Install Samba, enforce signing or encryption
- Use client that only supports CCM (e.g. macOS)
- Observe memory usage
Please note: this can be used to crash the Samba-Fileserver, or every application using gnutls like Samba, I guess. As this can then be used for DOS attacks, this should probably be treated as security issue.