cve-2008-4989.c
Simon Josefsson
simon at josefsson.org
Tue Nov 11 15:29:53 CET 2008
Here is a self-test that detects whether the installed libgnutls is
vulnerable or not.
Build it:
gcc -o cve-2008-4989 cve-2008-4989.c -lgnutls
Output for vulnerable libraries:
jas at mocca:~/src/gnutls/tests master$ LD_PRELOAD=/usr/lib/libgnutls.so ./cve-2008-4989 ; echo $?
./cve-2008-4989: verify_status: 0
1
jas at mocca:~/src/gnutls/tests master$
Output for fixed libraries:
jas at mocca:~/src/gnutls/tests master$ ./cve-2008-4989 ; echo $?
0
jas at mocca:~/src/gnutls/tests master$
This will part of future releases to test regressions:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=4d0486baaf9d65d965ecefd38647f4518bf0d0d7
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cve-2008-4989.c
Type: text/x-csrc
Size: 7626 bytes
Desc: not available
URL: </pipermail/attachments/20081111/601138d7/attachment.c>
More information about the Gnutls-devel
mailing list