[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Buffer overflow in gnutls-serv http code
From: |
Tomas Mraz |
Subject: |
Buffer overflow in gnutls-serv http code |
Date: |
Thu, 02 Dec 2010 15:24:31 +0100 |
The gnutls-serv uses fixed allocated buffer for the response which can
be pretty long if a client certificate is presented to it and the http
header is large. This causes buffer overflow and heap corruption which
then leads to random segfaults or aborts.
It was reported originally here:
https://bugzilla.redhat.com/show_bug.cgi?id=659259
The attached patch changes sprintf calls in peer_print_info() to
snprintf so the buffer is never overflowed.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
gnutls-2.10.3-sprintf.patch
Description: Text Data
- Buffer overflow in gnutls-serv http code,
Tomas Mraz <=