Bug in gnutls_x509_crt_list_import

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Sep 23 20:04:59 CEST 2008


Jonathan Manktelow wrote:
> Hi,
> There is a buffer overrun bug in gnutls_x509_crt_list_import (from gnutls
> 4.2.2), if it's given a file containing multiple PEM certificates, each of
> which is separated by more than one character (such as in a file with
> windows line endings)
> 
> In gnutls_x509_crt_list_import
> When reading the second, and all subsequent, certificates the lines
> 
> 	  tmp.data = (unsigned char *) ptr;
> 	  tmp.size = size;
> 
> setup a temporary buffer for gnutls_x509_crt_import to read from. However
> the size variable is not set correctly. 
> Changing these lines to 
> 
> 	  tmp.data = (unsigned char *) ptr;
> 	  size = data->size - (ptr - (char *) data->data);
> 	  tmp.size = size;
> 
> fixes it.
> Please can you confirm if this is a bug, and if so if the fix is correct!

Your study and patch of the issue looks correct. Patch applied.

Thank you!

regards,
Nikos





More information about the Gnutls-devel mailing list