Buffer overflow in gnutls-serv http code

Simon Josefsson simon at josefsson.org
Mon Dec 13 20:18:34 CET 2010

Tomas Mraz <tmraz at redhat.com> writes:

> On Tue, 2010-12-07 at 08:31 +0100, Simon Josefsson wrote: 
>> Tomas Mraz <tmraz at redhat.com> writes:
>> > The gnutls-serv uses fixed allocated buffer for the response which can
>> > be pretty long if a client certificate is presented to it and the http
>> > header is large. This causes buffer overflow and heap corruption which
>> > then leads to random segfaults or aborts.
>> >
>> > It was reported originally here:
>> > https://bugzilla.redhat.com/show_bug.cgi?id=659259
>> >
>> > The attached patch changes sprintf calls in peer_print_info() to
>> > snprintf so the buffer is never overflowed.
>> Thanks -- for copyright reasons, did you do this on RedHat time?
>> Otherwise the RedHat copyright assignment doesn't cover it, and I
>> couldn't find an individual assignment.
> I did it on behalf of Red Hat so the Red Hat copyright assignment covers
> it.

Thanks for confirming this!


More information about the Gnutls-devel mailing list