[gnutls-dev] more than one trusted certificate - buffer overflow

Max Kellermann max at duempel.org
Fri Feb 10 12:45:17 CET 2006


On 2006/02/01 17:36, Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> On Wednesday 01 February 2006 14:38, Max Kellermann wrote:
> 
> > You might need a lot of fantasy to imagine a remote exploit for this
> > buffer overflow, but the fact that this bug exists, shows that nobody
> > has ever tried to load more than one trusted certificate into
> > libgnutls...
> 
> That's not true :) The most uses of gnutls use the _file() function 
> which uses the pem parser. That one seems to work.

Which of the two cited statements did you mean with "not true"?

The _file() functions do not allow to add two .pem files, which
renders them useless for my application.

Max





More information about the Gnutls-devel mailing list