[gnutls-devel] GnuTLS | _gnutls_srp_entry_free safety feature bug (#761)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Fri May 3 06:04:40 CEST 2019
New Issue was created.
Issue 761: https://gitlab.com/gnutls/gnutls/issues/761
Author: Itay Grudev
Assignee:
## Description of problem:
I believe the `_gnutls_srp_entry_free` function has a bug in it's implementation. There is a safety feature for accidental freeing of the SRP parameters defined in `gnutls.h` but those don't include the `8192` group values.
https://gitlab.com/gnutls/gnutls/blob/master/lib/auth/srp_passwd.c#L445
And those values are different and need to be added there:
https://gitlab.com/gnutls/gnutls/blob/master/lib/auth/srp_kx.c#L672
## Version of gnutls used:
master
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/761
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190503/1715450b/attachment.html>
More information about the Gnutls-devel
mailing list