Buffer overflow in gnutls-serv http code
tmraz at redhat.com
Thu Dec 2 15:24:31 CET 2010
gnutls-serv uses a fixed allocated buffer for the response, which can
be pretty long if a client certificate is presented to it and the HTTP
header is large. This causes a buffer overflow and heap corruption, which
then leads to random segfaults or aborts.
It was reported originally here:
The attached patch changes sprintf calls in peer_print_info() to
snprintf so the buffer is never overflowed.
No matter how far down the wrong road you've gone, turn back.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5328 bytes
Desc: not available
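The sprintf-to-snprintf change described in the message, sketched as an added example; it is not the attached patch (which the archive scrubbed) and not gnutls code. The names `resp_buf`, `resp_appendf` and `demo`, and the 64-byte buffer size, are assumptions chosen so the constructed input truncates. It also handles the usual follow-on pitfall: `snprintf` returns the length that would have been written, so the write offset must be clamped rather than advanced by the return value.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from gnutls): fixed response buffer plus offset. */
struct resp_buf {
    char   data[64];   /* deliberately small so the sample input truncates */
    size_t len;        /* bytes used, excluding the terminating NUL */
    int    truncated;  /* set once any append did not fit */
};

/* Append without writing past data[]; 0 on success, -1 if truncated/failed. */
static int resp_appendf(struct resp_buf *b, const char *fmt, ...)
{
    size_t room = sizeof(b->data) - b->len;   /* always >= 1 (room for NUL) */
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(b->data + b->len, room, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= room) {
        /* n >= room: n is the length that WOULD have been written, so never
         * advance by it. n < 0: formatting failed, drop the partial text. */
        if (n >= 0) b->len = sizeof(b->data) - 1;
        b->data[b->len] = '\0';
        b->truncated = 1;
        return -1;
    }
    b->len += (size_t)n;
    return 0;
}

/* Short status line followed by an echo of a client-supplied header. */
static int demo(struct resp_buf *b, const char *client_header)
{
    b->len = 0; b->truncated = 0; b->data[0] = '\0';
    (void)resp_appendf(b, "<p>Session info</p>\n");
    return resp_appendf(b, "<pre>%s</pre>\n", client_header);
}

int main(void)
{
    struct resp_buf b;
    char big[200];                       /* constructed oversized header */
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    int rc = demo(&b, big);
    printf("rc=%d len=%zu truncated=%d\n", rc, b.len, b.truncated);
    return 0;
}
```

A caller that sees `truncated` set should treat the response as incomplete, or switch to a buffer sized from the `vsnprintf` return value, instead of sending the cut-off text as if it were whole.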