Re: [GNUnet-developers] Patch fixing buffer overflow in identity applica

gnunet-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNUnet-developers] Patch fixing buffer overflow in identity applica

From:	Christian Grothoff
Subject:	Re: [GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b
Date:	Sat, 15 Jan 2011 23:28:59 +0100
User-agent:	KMail/1.13.5 (Linux/2.6.35-24-generic; KDE/4.5.1; i686; ; )

Hi!

Thanks for the patch, I've applied it as SVN 14185.  However, I should mention 
that the respective branch (1st argument NULL) is never taken (I've checked 
all call-sites, NULL is never passed), so the overflow is in code that is 
definitively dead.  Still good to fix, but not a security issue (in case 
someone cares).

Happy hacking!

Christian

On Saturday, January 15, 2011 09:51:36 pm Stanislav Ochotnicky wrote:
> Attached patch should fix bug mentioned in [1]. memset function was used
> incorrectly with address of a pointer instead of address where pointer
> was pointing thus causing buffer overflow and possibly other problems.
> 
> The 0.9.x versions don't seem to be affected since the identity
> application doesn't exist there if I am not mistaken.
> 
> [1] https://bugs.gentoo.org/show_bug.cgi?id=339355

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b, Stanislav Ochotnicky, 2011/01/15
- Re: [GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b, Christian Grothoff <=

Prev by Date: [GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b
Previous by thread: [GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b
Index(es):
- Date
- Thread