[gnutls-devel] GnuTLS | Fix out-of-bounds memcpy in gnutls_realloc_zero() (!1592)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Wed May 18 11:52:52 CEST 2022

Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1592 was reviewed by Tobias Heider

  <!-- Get preloaded note discussion-->
Tobias Heider started a new discussion on lib/nettle/init.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592#note_950890791

> +	if (new_size < old_size) {
> +		explicit_bzero((char *)data + new_size, old_size - new_size);
> +		p = realloc(data, new_size);

This will fix the bug but break the functionality. realloc() can silently replace data and return a newly alloced buffer. If this happens there is no way to make sure data gets zeroed, which is why i reimplemented part of the realloc() logic in the first place.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1592
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220518/e3045f97/attachment.html>

More information about the Gnutls-devel mailing list