[gnutls-devel] memcpy problem with RSA-PSK

A. Klitzing aklitzing at gmail.com
Fri Apr 18 13:57:01 CEST 2014


I looked into it a little bit.

In lib/auth/psk.c in line 343 it will call "info =
_gnutls_get_auth_info(session);". It is expected that info is a
psk_auth_info_t with a size of 1096 but it will return a cert_auth_info_t
with a size of 80. So memcpy will write into bad memory!

It seems that _gnutls_auth_info_set in lib/gnutls_auth.c won't reallocate
the buffer to another size. It will be called to create a buffer with 1096
and GNUTLS_CRD_PSK (psk_auth_info_t) as the type but it won't happen and
session->key.auth_info has still a size of 80 and type

I don't know how to fix it as I don't know the internals of GnuTLS. :-) But
I hope it is helpful to fix it.

Best regards
  André Klitzing
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140418/92279e9c/attachment-0001.html>

More information about the Gnutls-devel mailing list