help-gsasl

Re: Potential bug in win32 binary version?


From: Simon Josefsson
Subject: Re: Potential bug in win32 binary version?
Date: Mon, 14 Jan 2008 22:05:27 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Francis Brosnan Blazquez <address@hidden> writes:

> Hi,
>
>> Actually, I didn't build it myself. I used the version from the Vortex
>> Project, because I don't have a MingW environment set up on my
>> computer.
>
> Just to confirm, the Windows build provided at the Vortex place does not
> use libgcrypt. I'll update the build process to include such
> dependency.
>
> Assuming this, this is not a GSASL bug until the test you have provided
> could be checked against the new build with libgcrypt... I think it
> should be done soon but not ensured... (I'm a bit busy).

Thanks!  Still, it is a bug in gsasl to not check the return value from
gc_nonce.  I suspect it did return an error value here about /dev/random
not being present.  This can be a security problem so I think I need to
write a brief security advisory about it, and do a new release.

Fwiw, libgcrypt is packaged for Windows via GnuTLS4Win, see
<http://josefsson.org/gnutls4win/>.

Since gsasl can use gnutls, maybe it would be useful to add GNU SASL to
the GnuTLS4Win build?  In the installer, you can choose which components
you want.  But GnuTLS4Win would need a different name then...

Anyway, it would be nice to integrate your windows build scripts into my
own build.  I recall you sent me instructions earlier, but maybe those
are obsolete.  Do you have the latest files available from CVS or
similar somewhere?

Thanks,
/Simon
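
The failure mode discussed in this message, as an added example that is not part of the original e-mail and is not GNU SASL's code: a caller that ignores the status of its nonce source next to one that checks it. `nonce_from_device` is a hypothetical stand-in for a function like gc_nonce, the device path is constructed, and the zeroed buffer stands in for whatever stale memory an unchecked caller would end up sending.

```c
#include <stdio.h>
#include <string.h>

#define NONCE_LEN 16

/* Hypothetical stand-in for a nonce source such as gc_nonce: fills buf
   from a random device and returns 0 on success, -1 on failure. */
static int nonce_from_device(const char *path, unsigned char *buf, size_t len)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;                 /* device missing, e.g. no /dev/random */
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;    /* a short read is also a failure */
}

/* Unchecked caller: ignores the status, so on failure the untouched
   buffer is used as the "random" nonce. */
static void challenge_unchecked(const char *dev, unsigned char out[NONCE_LEN])
{
    memset(out, 0, NONCE_LEN);     /* stand-in for stale buffer contents */
    (void) nonce_from_device(dev, out, NONCE_LEN);
}

/* Checked caller: reports the failure so the handshake can be aborted. */
static int challenge_checked(const char *dev, unsigned char out[NONCE_LEN])
{
    if (nonce_from_device(dev, out, NONCE_LEN) != 0) {
        memset(out, 0, NONCE_LEN); /* leave nothing half-filled behind */
        return -1;
    }
    return 0;
}

/* Returns 1 if every byte of the nonce is zero (fully predictable). */
static int nonce_is_all_zero(const unsigned char n[NONCE_LEN])
{
    unsigned char acc = 0;
    for (size_t i = 0; i < NONCE_LEN; i++)
        acc |= n[i];
    return acc == 0;
}

int main(void)
{
    unsigned char n[NONCE_LEN];
    challenge_unchecked("/nonexistent/random", n);   /* constructed path */
    printf("unchecked, device missing: all-zero = %d\n", nonce_is_all_zero(n));
    printf("checked, device missing: rc = %d\n",
           challenge_checked("/nonexistent/random", n));
    return 0;
}
```

With the device missing, the unchecked caller proceeds with a predictable nonce, while the checked caller returns an error the application can act on.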



