nds_gtls: fix regression that could lead to attack (never released) #2777
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rgerhards
force-pushed
the
nsd-gtls-misadressing
branch
from
adb3d55
to
b4a3d76
Compare
…rsion) Commit 7589f42 introduced support for loading certificate chains. Unfortunatley the max number of permitted certificates was miscalculated and so a certificate chain with more than 10 certificates could lead to a buffer overrun. This patch corrects this. Note that the commit was merged just yesterday and there was no release with the affected code. Also, this commit adds GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED to ensure the certificate export will fail with an error message if the certificate list contains too many certificates. Thx to Arne Nordmark for suggesting that option.
rgerhards
force-pushed
the
nsd-gtls-misadressing
branch
from
b4a3d76
to
63ad5ec
Compare
|
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit 7589f42 introduced support
for loading certificate chains. Unfortunatley the max number of permitted
certificates was miscalculated and so a certificate chain with more than
10 certificates could lead to a buffer overrun. This patch corrects this.
Note that the commit was merged just yesterday and there was no release
with the affected code.