[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Patch fixing buffer overflow in identity applica

From: Christian Grothoff
Subject: Re: [GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b
Date: Sat, 15 Jan 2011 23:28:59 +0100
User-agent: KMail/1.13.5 (Linux/2.6.35-24-generic; KDE/4.5.1; i686; ; )


Thanks for the patch, I've applied it as SVN 14185.  However, I should mention 
that the respective branch (1st argument NULL) is never taken (I've checked 
all call-sites, NULL is never passed), so the overflow is in code that is 
definitively dead.  Still good to fix, but not a security issue (in case 
someone cares).

Happy hacking!


On Saturday, January 15, 2011 09:51:36 pm Stanislav Ochotnicky wrote:
> Attached patch should fix bug mentioned in [1]. memset function was used
> incorrectly with address of a pointer instead of address where pointer
> was pointing thus causing buffer overflow and possibly other problems.
> The 0.9.x versions don't seem to be affected since the identity
> application doesn't exist there if I am not mistaken.
> [1]

reply via email to

[Prev in Thread] Current Thread [Next in Thread]