[gnutls-dev] gnutls-0.3.2 bugs

Nikos Mavroyanopoulos nmav@hellug.gr
Thu Jan 17 14:02:01 2002


On Wed, 16 Jan 2002 00:35:00 +0100 Marc Huber <Marc.Huber@web.de> wrote:

> Trying to follow the instructions in src/README.srpcrypt I found that
> - _gnutls_sbase64_encode() doesn't NUL-terminate strings smaller than
>   4 byte, and probably does the wrong thing for longer strings (I
>   haven't done any in-depth auditing on this, so I might be wrong.)
> - _gnutls_get_random() tries to gnutls_free() a gcry_malloc()ed pointer
> - crypt_int() tries to free() a gnutls_malloc()ed pointer
> - read_conf_values(): _gnutls_sbase64_decode() doesn't allocate memory
>   on failure, so gnutls_free() shouldn't be called.
Thank you for the bug reports and the fixes. There is a long time since I've
tested srpcrypt thus bugs may exist. I'll try to find time to clean it
up.

> Cheers,
> Marc


-- 
Nikos Mavroyanopoulos
mailto:nmav@hellug.gr