[gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed May 18 11:52:52 CEST 2022
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 was reviewed by Tobias Heider
--
<!-- Get preloaded note discussion-->
Tobias Heider started a new discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950890791
> + if (new_size < old_size) {
> + explicit_bzero((char *)data + new_size, old_size - new_size);
> + p = realloc(data, new_size);
This will fix the bug but break the functionality. realloc() can silently replace data and return a newly alloced buffer. If this happens there is no way to make sure data gets zeroed, which is why i reimplemented part of the realloc() logic in the first place.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220518/e3045f97/attachment.html>
More information about the Gnutls-devel
mailing list