Re: Buffer overflow in gnutls-serv http code

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Buffer overflow in gnutls-serv http code

From:	Tomas Mraz
Subject:	Re: Buffer overflow in gnutls-serv http code
Date:	Tue, 07 Dec 2010 09:03:38 +0100

On Tue, 2010-12-07 at 08:31 +0100, Simon Josefsson wrote: 
> Tomas Mraz <address@hidden> writes:
> 
> > The gnutls-serv uses fixed allocated buffer for the response which can
> > be pretty long if a client certificate is presented to it and the http
> > header is large. This causes buffer overflow and heap corruption which
> > then leads to random segfaults or aborts.
> >
> > It was reported originally here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=659259
> >
> > The attached patch changes sprintf calls in peer_print_info() to
> > snprintf so the buffer is never overflowed.
> 
> Thanks -- for copyright reasons, did you do this on RedHat time?
> Otherwise the RedHat copyright assignment doesn't cover it, and I
> couldn't find an individual assignment.

I did it on behalf of Red Hat so the Red Hat copyright assignment covers
it.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

[Prev in Thread]

Current Thread

[Next in Thread]

Buffer overflow in gnutls-serv http code, Tomas Mraz, 2010/12/02
- Re: Buffer overflow in gnutls-serv http code, Nikos Mavrogiannopoulos, 2010/12/05
- Re: Buffer overflow in gnutls-serv http code, Simon Josefsson, 2010/12/07
  - Re: Buffer overflow in gnutls-serv http code, Tomas Mraz <=
    - Re: Buffer overflow in gnutls-serv http code, Simon Josefsson, 2010/12/13

Prev by Date: Re: Buffer overflow in gnutls-serv http code
Next by Date: GnuTLS 2.11.6
Previous by thread: Re: Buffer overflow in gnutls-serv http code
Next by thread: Re: Buffer overflow in gnutls-serv http code
Index(es):
- Date
- Thread