[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnutls] Re: gnutls_record_send() problem
|
From: |
Laurent Birtz |
|
Subject: |
[Help-gnutls] Re: gnutls_record_send() problem |
|
Date: |
Wed, 23 Jan 2008 13:05:16 -0500 |
|
User-agent: |
Mozilla-Thunderbird 2.0.0.4 (X11/20070622) |
Simon Josefsson wrote:
I can reproduce this. The reason is this: The server is waiting for the
client to send something, which it echoes back, but since the client
never sends anything (a zero string is no data) the server never
responds, and the client is stuck waiting for input from the server.
/Simon
Yes, both processes are blocked for reading.
The gnutls_record_send function takes a buffer and a length indicator,
so the first seems OK to me. The latter would be incorrect, 'ret' is
used as the return value in that function, not a length indicator.
Maybe you could clarify what change you are thinking of?
Well, calling strlen() on a buffer received from a client is a
security hole (I guess it's OK in the case of an example). In
this context 'ret' is the number of bytes read by
gnutls_record_recv(), so it is a length indicator. I assume
strlen() was used to avoid counting the terminating 0.
I can't reproduce this. Are you using the verbatim example source code?
Below is what 'valgrind ./ex-client1' prints for me when ex-serv-anon is
running.
I guess it depends on other factors than just the version of
GnuTLS. The problem is gone in the latest version.
Thanks,
Laurent Birtz