[gnutls-dev] gnutls-0.3.2 bugs
Nikos Mavroyanopoulos
nmav@hellug.gr
Thu Jan 17 14:02:01 2002
On Wed, 16 Jan 2002 00:35:00 +0100 Marc Huber <Marc.Huber@web.de> wrote:
> Trying to follow the instructions in src/README.srpcrypt I found that
> - _gnutls_sbase64_encode() doesn't NUL-terminate strings smaller than
> 4 byte, and probably does the wrong thing for longer strings (I
> haven't done any in-depth auditing on this, so I might be wrong.)
> - _gnutls_get_random() tries to gnutls_free() a gcry_malloc()ed pointer
> - crypt_int() tries to free() a gnutls_malloc()ed pointer
> - read_conf_values(): _gnutls_sbase64_decode() doesn't allocate memory
> on failure, so gnutls_free() shouldn't be called.
Thank you for the bug reports and the fixes. There is a long time since I've
tested srpcrypt thus bugs may exist. I'll try to find time to clean it
up.
> Cheers,
> Marc
--
Nikos Mavroyanopoulos
mailto:nmav@hellug.gr