Re: gnutls_calloc
From: Daniel Kahn Gillmor
Subject: Re: gnutls_calloc
Date: Wed, 17 Sep 2008 11:16:58 -0400
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.2 (gnu/linux)

On Wed 2008-09-17 07:30:55 -0400, Simon Josefsson wrote:
> Werner Koch <address@hidden> writes:
>
>> lib/gnutls_session_pack.c:
>> gnutls_calloc (1, sizeof (gnutls_datum_t) * info->ncerts);
>
> This unpacks user-supplied data. If the data were corrupt, it could
> overflow. However, if an attacker could influence this data, all the
> security is gone anyway since it contains master secret keys.

When you say "user-supplied", do you mean the user running the local
GnuTLS process, or the user controlling the remote peer?

One concern is that an attacker could defeat the security provided by
the TLS layer by introducing arbitrary master secret keys. But the
possibility of executing arbitrary code based on the contents of a
keyring is an entirely different threat, though, which it seems like
GnuTLS shouldn't be vulnerable to.

--dkg
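
The size computation quoted in this thread, shown as an added example that is not code from GnuTLS or from anyone in the thread: it models how sizeof(elem) * count wraps when size_t is 32 bits wide, next to an allocation that rejects such counts. The struct layout, the function names unchecked_size32 and alloc_datums, and the count value are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for gnutls_datum_t (assumed layout: pointer plus length). */
typedef struct {
    unsigned char *data;
    unsigned int size;
} datum_t;

/* Byte count that "calloc(1, elem_size * count)" would request on a
 * platform with a 32-bit size_t: the product is reduced modulo 2^32. */
static uint32_t unchecked_size32(uint32_t elem_size, uint32_t count)
{
    return (uint32_t)((uint64_t)elem_size * count);
}

/* Checked form: reject counts whose byte size does not fit in size_t
 * before allocating. Passing the count as calloc's first argument also
 * lets the allocator validate the product itself. */
static datum_t *alloc_datums(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(datum_t))
        return NULL;
    return calloc(count, sizeof(datum_t));
}

int main(void)
{
    uint32_t ncerts = 0x20000001u; /* constructed count from unpacked data */

    /* 8-byte elements: 8 * 0x20000001 = 0x100000008, truncated to 8. */
    printf("unchecked: %u entries -> %u bytes requested\n",
           (unsigned)ncerts, (unsigned)unchecked_size32(8, ncerts));

    datum_t *ok = alloc_datums(4);
    printf("alloc_datums(4): %s\n", ok ? "allocated" : "refused");
    free(ok);

    datum_t *big = alloc_datums(SIZE_MAX / 2);
    printf("alloc_datums(SIZE_MAX/2): %s\n", big ? "allocated" : "refused");
    free(big);
    return 0;
}
```

A caller that later writes count entries into the unchecked buffer would write far past the 8 bytes actually allocated, which is the overflow the quoted reply refers to.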