[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNUnet-developers] Patch fixing buffer overflow in identity applica
Re: [GNUnet-developers] Patch fixing buffer overflow in identity application in GNUnet 0.8.1b
Sat, 15 Jan 2011 23:28:59 +0100
KMail/1.13.5 (Linux/2.6.35-24-generic; KDE/4.5.1; i686; ; )
Thanks for the patch, I've applied it as SVN 14185. However, I should mention
that the respective branch (1st argument NULL) is never taken (I've checked
all call-sites, NULL is never passed), so the overflow is in code that is
definitively dead. Still good to fix, but not a security issue (in case
On Saturday, January 15, 2011 09:51:36 pm Stanislav Ochotnicky wrote:
> Attached patch should fix bug mentioned in . memset function was used
> incorrectly with address of a pointer instead of address where pointer
> was pointing thus causing buffer overflow and possibly other problems.
> The 0.9.x versions don't seem to be affected since the identity
> application doesn't exist there if I am not mistaken.
>  https://bugs.gentoo.org/show_bug.cgi?id=339355