Re: gnutls_calloc

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnutls_calloc

From:	Daniel Kahn Gillmor
Subject:	Re: gnutls_calloc
Date:	Wed, 17 Sep 2008 11:16:58 -0400
User-agent:	Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Wed 2008-09-17 07:30:55 -0400, Simon Josefsson wrote:

> Werner Koch <address@hidden> writes:
>
>> lib/gnutls_session_pack.c:
>>     gnutls_calloc (1, sizeof (gnutls_datum_t) * info->ncerts);
>
> This unpacks user-supplied data.  If the data were corrupt, it could
> overflow.  However, if an attacker could influence this data, all the
> security is gone anyway since it contains master secret keys.

When you say "user-supplied", do you mean the user running the local
GnuTLS process, or the user controlling the remote peer?

One concern is that an attacker could defeat the security provided by
the TLS layer by introducing arbitrary master secret keys.  But the
possibility of executing arbitrary code based on the contents of a
keyring is an entirely different threat, though, which it seems like
GnuTLS shouldn't be vulnerable to.

       --dkg

pgpTHaW4MQho8.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

gnutls_calloc, Werner Koch, 2008/09/17
- Re: gnutls_calloc, Simon Josefsson, 2008/09/17
- Re: gnutls_calloc, Werner Koch, 2008/09/17
  - Re: gnutls_calloc, Simon Josefsson, 2008/09/17
    - Re: gnutls_calloc, Daniel Kahn Gillmor <=
    - Re: gnutls_calloc, Simon Josefsson, 2008/09/17

Prev by Date: Re: gnutls_calloc
Next by Date: Missing gnutls_x509_crq_sest_subject_alternative_name ?
Previous by thread: Re: gnutls_calloc
Next by thread: Re: gnutls_calloc
Index(es):
- Date
- Thread