Buffer overflow in gnutls-serv http code
tmraz at redhat.com
Tue Dec 7 09:03:38 CET 2010
On Tue, 2010-12-07 at 08:31 +0100, Simon Josefsson wrote:
> Tomas Mraz <tmraz at redhat.com> writes:
> > The gnutls-serv uses fixed allocated buffer for the response which can
> > be pretty long if a client certificate is presented to it and the http
> > header is large. This causes buffer overflow and heap corruption which
> > then leads to random segfaults or aborts.
> > It was reported originally here:
> > https://bugzilla.redhat.com/show_bug.cgi?id=659259
> > The attached patch changes sprintf calls in peer_print_info() to
> > snprintf so the buffer is never overflowed.
> Thanks -- for copyright reasons, did you do this on RedHat time?
> Otherwise the RedHat copyright assignment doesn't cover it, and I
> couldn't find an individual assignment.
I did it on behalf of Red Hat so the Red Hat copyright assignment covers
No matter how far down the wrong road you've gone, turn back.
More information about the Gnutls-devel