Bug in gnutls_x509_crt_list_import
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Sep 23 20:04:59 CEST 2008
Jonathan Manktelow wrote:
> Hi,
> There is a buffer overrun bug in gnutls_x509_crt_list_import (from gnutls
> 4.2.2), if it's given a file containing multiple PEM certificates, each of
> which is separated by more than one character (such as in a file with
> Windows line endings).
>
> In gnutls_x509_crt_list_import
> When reading the second, and all subsequent, certificates the lines
>
> tmp.data = (unsigned char *) ptr;
> tmp.size = size;
>
> set up a temporary buffer for gnutls_x509_crt_import to read from. However
> the size variable is not set correctly.
> Changing these lines to
>
> tmp.data = (unsigned char *) ptr;
> size = data->size - (ptr - (char *) data->data);
> tmp.size = size;
>
> fixes it.
> Please can you confirm if this is a bug, and if so if the fix is correct!
Your study and patch of the issue look correct. Patch applied.
Thank you!
regards,
Nikos
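
An added illustration, not part of the original messages and not GnuTLS code: a small C model of the invariant the fix restores, namely that ptr + size must never pass the end of the input when the temporary buffer for the second and later certificates is formed. The function name max_overrun, the dummy PEM samples and the "stale" size bookkeeping (which subtracts one separator byte per certificate) are assumptions made here to reproduce the symptom; the recomputed size is the line from the post.

```c
#include <stdio.h>
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed samples: dummy PEM-shaped blocks, not real certificates. */
static const char sample_lf[] =
    PEM_BEGIN "\nAAAA\n" PEM_END "\n" PEM_BEGIN "\nBBBB\n" PEM_END "\n";
static const char sample_crlf[] =
    PEM_BEGIN "\r\nAAAA\r\n" PEM_END "\r\n" PEM_BEGIN "\r\nBBBB\r\n" PEM_END "\r\n";

/* Walk each PEM block in a NUL-terminated buffer, form (ptr, size) the way the
 * temporary buffer is formed, and return the largest number of bytes by which
 * ptr + size passes the end of the data (0 = always in bounds).
 * recompute != 0: size = len - (ptr - data), the fix from the post.
 * recompute == 0: ASSUMED stale bookkeeping that subtracts the block length
 *                 plus one separator byte; hypothetical, not GnuTLS code. */
size_t max_overrun(const char *data, int recompute)
{
    size_t len = strlen(data), worst = 0, size;
    const char *ptr = strstr(data, PEM_BEGIN);

    if (ptr == NULL)
        return 0;
    size = len - (size_t)(ptr - data);          /* first block: always correct */
    while (ptr != NULL) {
        if (recompute)
            size = len - (size_t)(ptr - data);  /* bytes really left after ptr */
        size_t past = (size_t)(ptr - data) + size;
        if (past > len && past - len > worst)
            worst = past - len;
        const char *stop = strstr(ptr, PEM_END);
        if (stop == NULL)
            break;
        stop += strlen(PEM_END);
        size_t used = (size_t)(stop - ptr) + 1; /* block + one assumed separator */
        size = used < size ? size - used : 0;
        ptr = strstr(stop, PEM_BEGIN);
    }
    return worst;
}

int main(void)
{
    printf("LF   stale=%zu recomputed=%zu\n", max_overrun(sample_lf, 0), max_overrun(sample_lf, 1));
    printf("CRLF stale=%zu recomputed=%zu\n", max_overrun(sample_crlf, 0), max_overrun(sample_crlf, 1));
    return 0;
}
```

With one-byte separators both variants stay in bounds; with CRLF separators only the recomputed size does, which makes this pair of inputs a useful regression test for any multi-certificate PEM reader.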