[gnutls-devel] GnuTLS | Two integer overflows in priority.c (#679)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Jan 23 14:56:17 CET 2019


> So we can easily do the REMOVE_TLS13_IN_LOOP outside the main loop.

That would require 2-path iterations over the array, no?  The current logic is something like:
```
for i in 0...n {
  if entries[i] is NULL, SRP, or PSK {
    // REMOVE_TLS13_IN_LOOP
    if entries[i] is TLS 1.3 {
      entries[i...n] <- entries[i+1...n] // (*)
      retry the loop from i
    }
  }
  ...
}
```
I don't see anything wrong here, though it might be a little cleaner if (*) is rewritten using memmove, and `REMOVE_TLS13_IN_LOOP` doesn't take `i` as the argument.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/679#note_134149897
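The in-loop removal sketched in the message above, written with `memmove` as the reply suggests. This is an added example, not part of the original email and not GnuTLS code. `entry_t`, `remove_at`, `drop_tls13` and the sample data are hypothetical. The range check runs before the tail length is computed, so the `size_t` subtraction cannot wrap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a priority-list entry; not GnuTLS's own type. */
typedef struct {
    unsigned id;
    int is_tls13;   /* constructed flag: entry is a TLS 1.3 item */
} entry_t;

/* Remove entries[i] by shifting the tail down; 0 on success, -1 if out of range. */
static int remove_at(entry_t *entries, size_t *n, size_t i)
{
    if (i >= *n)    /* also covers *n == 0, so *n - i - 1 below cannot wrap */
        return -1;
    memmove(&entries[i], &entries[i + 1], (*n - i - 1) * sizeof(entries[0]));
    (*n)--;
    return 0;
}

/* Single pass: drop every TLS 1.3 entry, re-examining index i after a removal. */
static size_t drop_tls13(entry_t *entries, size_t n)
{
    size_t i = 0;
    while (i < n) {
        if (entries[i].is_tls13) {
            remove_at(entries, &n, i);
            continue;   /* "retry the loop from i": the next entry now sits at i */
        }
        i++;
    }
    return n;
}

/* Constructed sample: ids 1..5, with 2, 3 and 5 marked TLS 1.3. */
static size_t demo(unsigned out[5])
{
    entry_t e[5] = { {1, 0}, {2, 1}, {3, 1}, {4, 0}, {5, 1} };
    size_t n = drop_tls13(e, 5);
    for (size_t k = 0; k < n; k++) out[k] = e[k].id;
    return n;
}

int main(void)
{
    unsigned out[5];
    printf("%zu entries kept\n", demo(out));
    return 0;
}
```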