Re: Possible buffer overflow on gnutls_session_get

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Possible buffer overflow on gnutls_session_get_data

From:	Nikos Mavrogiannopoulos
Subject:	Re: Possible buffer overflow on gnutls_session_get_data
Date:	Tue, 8 Nov 2011 13:49:14 +0100

On Tue, Nov 8, 2011 at 12:55 PM, Alban Crequy
<address@hidden> wrote:
> The gnutls_session_get_data function in the GnuTLS library before
> 3.0.6 or before 2.12.13 on the 2.12.x branch could overflow a
> too-short buffer parameter allocated by the caller. The test to avoid
> the buffer overflow was not working correctly.
> Often the code using the GnuTLS library calls gnutls_session_get_data()
> twice: the first time to get the buffer size and the second time with a
> buffer allocated to the correct size. In this code pattern, there is no
> buffer overflows.
[...]

Thank you for finding out this bug and reporting it. I'll point the
security advisory for this issue to your mail later this day. An
update to your note is that gnutls releases 2.12.14 and 3.0.7
correctly fix the issue.

best regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Possible buffer overflow on gnutls_session_get_data, Alban Crequy, 2011/11/08
- Re: Possible buffer overflow on gnutls_session_get_data, Nikos Mavrogiannopoulos <=

Prev by Date: Possible buffer overflow on gnutls_session_get_data
Next by Date: Re: Compile fix for gnutls-3.0.5
Previous by thread: Possible buffer overflow on gnutls_session_get_data
Next by thread: Re: Compile fix for gnutls-3.0.5
Index(es):
- Date
- Thread