Re: Possible buffer overflow on gnutls_session_get_data
From: Nikos Mavrogiannopoulos
Subject: Re: Possible buffer overflow on gnutls_session_get_data
Date: Tue, 8 Nov 2011 13:49:14 +0100
On Tue, Nov 8, 2011 at 12:55 PM, Alban Crequy
<address@hidden> wrote:
> The gnutls_session_get_data function in the GnuTLS library before
> 3.0.6 or before 2.12.13 on the 2.12.x branch could overflow a
> too-short buffer parameter allocated by the caller. The test to avoid
> the buffer overflow was not working correctly.
> Often the code using the GnuTLS library calls gnutls_session_get_data()
> twice: the first time to get the buffer size and the second time with a
> buffer allocated to the correct size. In this code pattern, there are no
> buffer overflows.
[...]
Thank you for finding this bug and reporting it. I'll point the
security advisory for this issue to your mail later today. An
update to your note is that gnutls releases 2.12.14 and 3.0.7
correctly fix the issue.
best regards,
Nikos
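
The two-call pattern described in the quoted report, as an added example that is not part of the original thread and is not GnuTLS code. `model_get_data` is a hypothetical stand-in for a "query size, then fill" getter, and the session blob and error code are constructed for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define E_SHORT_BUFFER (-1)  /* constructed error code for this model */

/* Constructed stand-in for packed session data (not real GnuTLS output). */
static const unsigned char packed_session[] = "constructed-session-blob-0123456789";

/* Hypothetical getter. *size is in/out: caller's capacity on entry, required
 * length on return. The length check runs before any byte is copied. */
static int model_get_data(void *buf, size_t *size)
{
    size_t need = sizeof(packed_session);
    size_t have = *size;

    *size = need;                     /* always report the required length */
    if (buf == NULL || have < need)   /* size query, or buffer too short */
        return E_SHORT_BUFFER;
    memcpy(buf, packed_session, need);
    return 0;
}

/* Caller side: first call learns the size, second call fills a buffer of
 * exactly that size, so it does not depend on the callee rejecting a
 * too-short buffer. Returns a heap buffer or NULL. */
static unsigned char *fetch_session(size_t *out_len)
{
    size_t len = 0;
    unsigned char *buf;

    (void)model_get_data(NULL, &len); /* size query only */
    if (len == 0 || (buf = malloc(len)) == NULL)
        return NULL;
    if (model_get_data(buf, &len) != 0) {
        free(buf);
        return NULL;
    }
    *out_len = len;
    return buf;
}

int main(void)
{
    size_t n = 0;
    unsigned char *p = fetch_session(&n);
    int ok = (p != NULL);

    free(p);
    return !ok;
}
```

A caller that passes a fixed-size buffer instead relies entirely on the callee's length check, which is the check the report says was not working in the affected releases.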