[gnutls-devel] memcpy problem with RSA-PSK

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Apr 18 16:34:58 CEST 2014


On Fri, Apr 18, 2014 at 1:57 PM, A. Klitzing <aklitzing at gmail.com> wrote:
> Hi!
>
> I looked into it a little bit.
>
> In lib/auth/psk.c in line 343 it will call "info =
> _gnutls_get_auth_info(session);". It is expected that info is a
> psk_auth_info_t with a size of 1096 but it will return a cert_auth_info_t
> with a size of 80. So memcpy will write into bad memory!

Indeed valgrind was quite indicative. It seems that RSA-PSK has issues
when the server sends the identity hint. The self check didn't do that
and that's how it wasn't detected so far. I've committed a fix in the
repository.

regards,
Nikos
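
The mismatch reported in this thread, reduced to a stand-alone C illustration: an added example, not GnuTLS code and not the committed fix. All type and function names here are hypothetical; the point is that the stored auth info carries its type and size, and the identity hint is copied only after both are checked.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the two auth-info layouts named in the thread;
 * what matters is that they differ in size (80 vs 1096 bytes in the report). */
typedef enum { AUTH_NONE, AUTH_CERT, AUTH_PSK } auth_type_t;

typedef struct { void *certs; unsigned ncerts; } cert_info_t;
typedef struct { char username[129]; char hint[129]; } psk_info_t;

typedef struct {
    auth_type_t type;   /* which layout `info` currently holds */
    size_t size;        /* bytes allocated for `info` */
    void *info;
} session_t;

/* Allocate the session's auth info and record its type and size with it. */
int session_set_auth(session_t *s, auth_type_t type, size_t size)
{
    free(s->info);
    s->info = calloc(1, size);
    s->type = s->info ? type : AUTH_NONE;
    s->size = s->info ? size : 0;
    return s->info ? 0 : -1;
}

/* Checked accessor: hand back the blob only if type and size match. */
void *session_get_auth(const session_t *s, auth_type_t want, size_t want_size)
{
    if (s->info == NULL || s->type != want || s->size < want_size)
        return NULL;
    return s->info;
}

/* Store a server-supplied identity hint without trusting the stored layout. */
int store_psk_hint(session_t *s, const char *hint, size_t len)
{
    psk_info_t *info = session_get_auth(s, AUTH_PSK, sizeof(psk_info_t));
    if (info == NULL)
        return -1;      /* auth info is not PSK: the case in the report */
    if (len >= sizeof(info->hint))
        return -2;      /* hint does not fit the field */
    memcpy(info->hint, hint, len);
    info->hint[len] = '\0';
    return 0;
}
```

A regression test for this class of bug has to exercise the path where the server actually sends a hint, which is the case the message above says the self check did not cover.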


