Re: Bug in gnutls_x509_crt_list

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug in gnutls_x509_crt_list_import

From:	Nikos Mavrogiannopoulos
Subject:	Re: Bug in gnutls_x509_crt_list_import
Date:	Tue, 23 Sep 2008 21:04:59 +0300
User-agent:	Thunderbird 2.0.0.16 (X11/20080724)

Jonathan Manktelow wrote:
> Hi,
> There is a buffer overrun bug in gnutls_x509_crt_list_import (from gnutls
> 4.2.2), if it's given a file containing multiple PEM certificates, each of
> which is separated by more than one character (such as in a file with
> windows line endings)
> 
> In gnutls_x509_crt_list_import
> When reading the second, and all subsequent, certificates the lines
> 
>         tmp.data = (unsigned char *) ptr;
>         tmp.size = size;
> 
> setup a temporary buffer for gnutls_x509_crt_import to read from. However
> the size variable is not set correctly. 
> Changing these lines to 
> 
>         tmp.data = (unsigned char *) ptr;
>         size = data->size - (ptr - (char *) data->data);
>         tmp.size = size;
> 
> fixes it.
> Please can you confirm if this is a bug, and if so if the fix is correct!

Your study and patch of the issue looks correct. Patch applied.

Thank you!

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Bug in gnutls_x509_crt_list_import, Jonathan Manktelow, 2008/09/23
- Re: Bug in gnutls_x509_crt_list_import, Nikos Mavrogiannopoulos <=

Prev by Date: Re: 2.5.7 gnutls_x509_privkey_generate() returns GNUTLS_E_INVALID_REQUEST
Next by Date: Re: 2.5.7 gnutls_x509_privkey_generate() returns GNUTLS_E_INVALID_REQUEST
Previous by thread: Bug in gnutls_x509_crt_list_import
Next by thread: request for help: freshmeat.net gnutls writer
Index(es):
- Date
- Thread