[gnutls-devel] GnuTLS | support non-NULL-terminated PSKs (!917)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Dec 3 15:44:36 CET 2019
Tim Rühsen started a new discussion on lib/auth/psk_passwd.c: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_253985121
> +
> +static bool username_matches(const gnutls_datum_t *username,
> + const char *line, size_t line_size)
> +{
> + int retval;
> + unsigned i;
> + gnutls_datum_t hexline, hex_username = { NULL, 0 };
> +
> + /* move to first ':' */
> + i = 0;
> + while ((i < line_size) && (line[i] != '\0')
> + && (line[i] != ':')) {
> + i++;
> + }
> +
> + if (line[0] == '#') {
Buffer overflow if `line_size` is 0.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/917#note_253985121
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191203/042af4e3/attachment.html>
More information about the Gnutls-devel
mailing list