[gnutls-devel] memcpy problem with RSA-PSK
A. Klitzing
aklitzing at gmail.com
Fri Apr 18 13:57:01 CEST 2014
Hi!

I looked into it a little bit.

In lib/auth/psk.c in line 343 it will call "info = _gnutls_get_auth_info(session);". It is expected that info is a psk_auth_info_t with a size of 1096 but it will return a cert_auth_info_t with a size of 80. So memcpy will write into bad memory!

It seems that _gnutls_auth_info_set in lib/gnutls_auth.c won't reallocate the buffer to another size. It will be called to create a buffer with 1096 and GNUTLS_CRD_PSK (psk_auth_info_t) as the type but it won't happen and session->key.auth_info still has a size of 80 and type GNUTLS_CRD_CERTIFICATE.

I don't know how to fix it as I don't know the internals of GnuTLS. :-) But I hope it is helpful to fix it.

Best regards
André Klitzing
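
The mismatch described in this message, modelled as an added example (not GnuTLS source and not part of the original mail): a setter that keeps an existing buffer, a setter that replaces it when type or size changes, and a typed getter that refuses a mismatched request. All struct, enum and function names are hypothetical, and the "keep" behaviour is an assumption based on the report; only the sizes 80 and 1096 come from the message.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not GnuTLS definitions; 80 and 1096 are the sizes quoted in the mail. */
enum cred_type { CRD_NONE, CRD_CERTIFICATE, CRD_PSK };
enum { CERT_INFO_SIZE = 80, PSK_INFO_SIZE = 1096 };
struct session { void *auth_info; enum cred_type type; size_t size; };

/* Models the behaviour reported in the mail: an existing buffer is kept as-is. */
int auth_info_set_keep(struct session *s, enum cred_type t, size_t size)
{
    if (s->auth_info != NULL)
        return 0; /* stale type and size survive the call */
    void *p = calloc(1, size);
    if (p == NULL)
        return -1;
    *s = (struct session){ .auth_info = p, .type = t, .size = size };
    return 0;
}

/* Hardened setter: a change of type or size replaces the buffer. */
int auth_info_set_checked(struct session *s, enum cred_type t, size_t size)
{
    if (s->auth_info != NULL && s->type == t && s->size == size)
        return 0;
    void *p = calloc(1, size);
    if (p == NULL)
        return -1;
    free(s->auth_info);
    *s = (struct session){ .auth_info = p, .type = t, .size = size };
    return 0;
}

/* Typed getter: NULL unless the buffer is what the caller expects. */
void *auth_info_get_typed(const struct session *s, enum cred_type t, size_t need)
{
    if (s->auth_info == NULL || s->type != t || s->size < need)
        return NULL;
    return s->auth_info;
}

/* Caller side: copy only after the typed lookup succeeds. */
int store_psk_hint(struct session *s, const void *hint, size_t len)
{
    void *info = auth_info_get_typed(s, CRD_PSK, PSK_INFO_SIZE);
    if (info == NULL || len > PSK_INFO_SIZE)
        return -1;
    memcpy(info, hint, len);
    return 0;
}
```

With the typed getter in place, a stale certificate-sized buffer turns the copy into an error return instead of an out-of-bounds write.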