[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnutls_calloc
From: |
Werner Koch |
Subject: |
Re: gnutls_calloc |
Date: |
Wed, 17 Sep 2008 13:09:38 +0200 |
User-agent: |
Gnus/5.110007 (No Gnus v0.7) |
Hi,
A quick grep shows:
lib/auth_cert.c:
gnutls_calloc (1, sizeof (gnutls_datum_t) * ncerts);
lib/gnutls_cert.c:
*alg = gnutls_calloc (1, sizeof (gnutls_kx_algorithm_t) * i);
lib/gnutls_session_pack.c:
gnutls_calloc (1, sizeof (gnutls_datum_t) * info->ncerts);
libextra/openssl_compat.c:
gnutls_calloc (1, ca_certificate_list_size * sizeof (gnutls_x509_crt_t));
libextra/openssl_compat.c:
crl_list = gnutls_calloc (1, crl_list_size * sizeof (gnutls_x509_crl_t));
Thus even with a correct gnutls_calloc, it is still vulernable to
integer overflows. The above code (there might be more of this) needs
to be changed to:
gnutls_calloc (ncerts, sizeof (gnutls_datum_t));
and so on.
Shalom-Salam,
Werner
--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.