[gnutls-dev] more than one trusted certificate - buffer overflow
max at duempel.org
Fri Feb 10 12:45:17 CET 2006
On 2006/02/01 17:36, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Wednesday 01 February 2006 14:38, Max Kellermann wrote:
> > You might need a lot of fantasy to imagine a remote exploit for this
> > buffer overflow, but the fact that this bug exists, shows that nobody
> > has ever tried to load more than one trusted certificate into
> > libgnutls...
> That's not true :) The most uses of gnutls use the _file() function
> which uses the pem parser. That one seems to work.
Which of the two cited statements did you mean with "not true"?
The _file() functions do not allow to add two .pem files, which
renders them useless for my application.
More information about the Gnutls-dev