gnutls-devel

Buffer overflow in gnutls-serv http code


From: Tomas Mraz
Subject: Buffer overflow in gnutls-serv http code
Date: Thu, 02 Dec 2010 15:24:31 +0100

gnutls-serv uses a fixed allocated buffer for the response, which can
be pretty long if a client certificate is presented to it and the HTTP
header is large. This causes a buffer overflow and heap corruption, which
then leads to random segfaults or aborts.

It was reported originally here:
https://bugzilla.redhat.com/show_bug.cgi?id=659259

The attached patch changes the sprintf calls in peer_print_info() to
snprintf so the buffer is never overflowed.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

Attachment: gnutls-2.10.3-sprintf.patch
Description: Text Data
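
Added example (not part of the original message and not the attached patch): a bounded append helper for the sprintf-to-snprintf conversion described above, handling the case where snprintf's return value exceeds the remaining space. The names resp, resp_init, resp_appendf and demo_build and all sample strings are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded response buffer; names are illustrative, not gnutls-serv's.
   buf is kept NUL-terminated, len excludes the NUL, truncated is sticky. */
struct resp { char *buf; size_t cap, len; int truncated; };

static void resp_init(struct resp *r, char *buf, size_t cap)
{
    r->buf = buf; r->cap = cap; r->len = 0; r->truncated = 0;
    if (cap > 0) buf[0] = '\0';
}

/* Append formatted text; returns 0 on success, -1 if the output was cut. */
static int resp_appendf(struct resp *r, const char *fmt, ...)
{
    va_list ap; size_t room; int n;

    if (r->cap == 0 || r->len >= r->cap - 1) { r->truncated = 1; return -1; }
    room = r->cap - r->len;                 /* includes the NUL */
    va_start(ap, fmt);
    n = vsnprintf(r->buf + r->len, room, fmt, ap);
    va_end(ap);
    if (n < 0) { r->buf[r->len] = '\0'; r->truncated = 1; return -1; }
    /* n is the length vsnprintf WANTED to write and may exceed room; adding it
       unchecked would push len past cap and wrap the next room computation. */
    if ((size_t)n >= room) { r->len = r->cap - 1; r->truncated = 1; return -1; }
    r->len += (size_t)n;
    return 0;
}

/* Constructed demo: strings below are sample text, not gnutls-serv's output. */
static size_t demo_build(char *out, size_t cap, const char *header, int *cut)
{
    struct resp r;
    resp_init(&r, out, cap);
    resp_appendf(&r, "<pre>%s</pre>", header);
    resp_appendf(&r, "<p>session info</p>");
    *cut = r.truncated;
    return r.len;
}

int main(void)
{
    char out[32]; int cut;
    size_t n = demo_build(out, sizeof out,
                          "constructed-header: 0123456789012345678901234567890", &cut);
    printf("len=%zu truncated=%d\n", n, cut);
    return 0;
}
```

A caller that sees truncated set can reject the request or send an error response instead of a partial page.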
