Buffer overflow in gnutls-serv http code

Simon Josefsson simon at josefsson.org
Tue Dec 7 08:31:21 CET 2010

Tomas Mraz <tmraz at redhat.com> writes:

> The gnutls-serv uses fixed allocated buffer for the response which can
> be pretty long if a client certificate is presented to it and the http
> header is large. This causes buffer overflow and heap corruption which
> then leads to random segfaults or aborts.
> It was reported originally here:
> https://bugzilla.redhat.com/show_bug.cgi?id=659259
> The attached patch changes sprintf calls in peer_print_info() to
> snprintf so the buffer is never overflowed.

Thanks -- for copyright reasons, did you do this on RedHat time?
Otherwise the RedHat copyright assignment doesn't cover it, and I
couldn't find an individual assignment.


More information about the Gnutls-devel mailing list