[gnutls-devel] Out-of-bounds read in gnutls_x509_ext_export_key_usage

Tim Kosse tim.kosse at filezilla-project.org
Mon Jan 4 11:51:09 CET 2016


Hi,

there's an out-of-bounds read in gnutls_x509_ext_export_key_usage
(lib/x509/x509_ext.c:1128):

> uint8_t str[2];
> [...]
> result = asn1_write_value(c2, "", str, 9); 

It reads 7 more bytes from the stack than it should. The attached patch
fixes this.

Regards,
Tim Kosse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls_x509_ext_export_key_usage.diff
Type: text/x-c
Size: 664 bytes
Desc: not available
URL: </pipermail/attachments/20160104/6bfce241/attachment.bin>


More information about the Gnutls-devel mailing list