Bug in gnutls_x509_crt_list_import
From: Jonathan Manktelow
Subject: Bug in gnutls_x509_crt_list_import
Date: Tue, 23 Sep 2008 12:20:27 +0100

Hi,

There is a buffer overrun bug in gnutls_x509_crt_list_import (from gnutls
4.2.2) if it's given a file containing multiple PEM certificates, each of
which is separated by more than one character (such as in a file with
Windows line endings).

In gnutls_x509_crt_list_import, when reading the second, and all
subsequent, certificates, the lines

    tmp.data = (unsigned char *) ptr;
    tmp.size = size;

set up a temporary buffer for gnutls_x509_crt_import to read from. However,
the size variable is not set correctly.

Changing these lines to

    tmp.data = (unsigned char *) ptr;
    size = data->size - (ptr - (char *) data->data);
    tmp.size = size;

fixes it.

Please can you confirm if this is a bug, and if so, if the fix is correct!

Thanks,
Jonathan Manktelow