[gnutls-devel] fixes on 3.3.x gnutls branch, why not this one?

Andreas Metzler-3
Hello,

is there a reason why this patch was cherrypicked for the 3.5.x
branch but not for 3.3.x?
e2b02861caea3cb9a173e6993640b4e7112bdb44
pencdk: read_attribute: account buffer size

That ensures that there is no read past the end of buffer.

Resolves the oss-fuzz found bug:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391

Relates: #159

tia, cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

_______________________________________________
Gnutls-devel mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
Re: [gnutls-devel] fixes on 3.3.x gnutls branch, why not this one?

Nikos Mavrogiannopoulos-2
On Sun, 2017-03-05 at 16:20 +0100, Andreas Metzler wrote:

> Hello,
>
> is there a reason why this patch was cherrypicked for the 3.5.x
> branch but not for 3.3.x?
> e2b02861caea3cb9a173e6993640b4e7112bdb44
> pencdk: read_attribute: account buffer size
>
> That ensures that there is no read past the end of buffer.
>
> Resolves the oss-fuzz found bug:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391

Hi, I didn't consider it severe enough to backport it. My understanding
is that this is a read past the end of buffer, and cannot be exploited
for a denial of service or otherwise. Let me know if I'm wrong.

regards,
Nikos

