[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gnutls-dev] more than one trusted certificate - buffer overflow
From: |
Max Kellermann |
Subject: |
Re: [gnutls-dev] more than one trusted certificate - buffer overflow |
Date: |
Fri, 10 Feb 2006 12:45:17 +0100 |
User-agent: |
Mutt/1.5.9i |
On 2006/02/01 17:36, Nikos Mavrogiannopoulos <address@hidden> wrote:
> On Wednesday 01 February 2006 14:38, Max Kellermann wrote:
>
> > You might need a lot of fantasy to imagine a remote exploit for this
> > buffer overflow, but the fact that this bug exists, shows that nobody
> > has ever tried to load more than one trusted certificate into
> > libgnutls...
>
> That's not true :) The most uses of gnutls use the _file() function
> which uses the pem parser. That one seems to work.
Which of the two cited statements did you mean with "not true"?
The _file() functions do not allow to add two .pem files, which
renders them useless for my application.
Max