Bug in gnutls_x509_crt_list_import
Jonathan Manktelow
jonathan at dyalog.com
Tue Sep 23 13:20:27 CEST 2008
Hi,
There is a buffer overrun bug in gnutls_x509_crt_list_import (from gnutls
4.2.2), if it's given a file containing multiple PEM certificates, each of
which is separated by more than one character (such as in a file with
windows line endings)
In gnutls_x509_crt_list_import
When reading the second, and all subsequent, certificates the lines
tmp.data = (unsigned char *) ptr;
tmp.size = size;
setup a temporary buffer for gnutls_x509_crt_import to read from. However
the size variable is not set correctly.
Changing these lines to
tmp.data = (unsigned char *) ptr;
size = data->size - (ptr - (char *) data->data);
tmp.size = size;
fixes it.
Please can you confirm if this is a bug, and if so if the fix is correct!
Thanks,
Jonathan Manktelow
More information about the Gnutls-devel
mailing list