cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: SSL bug buffer is too small !!!!!

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Sat, 1 Jan 2011 15:39:42 +0100 (CET)

On Sat, 1 Jan 2011, 정중 이 wrote:

(I'm Cc'ing the curl-library mailing list for info.)

> static void pubkey_show(struct SessionHandle *data,
>                         int num,
>                         const char *type,
>                         const char *name,
>                         unsigned char *raw,
>                         int len)
>
> {
> char buffer[1024]; < -- too small
>
> if len value(raw size) is over 340 , occur segment violation ...
>
> thereforebuffer is 2048. !!!

Size 2048 is not the correct fix though, as I'm sure something will hit that
limit as well. We need to make sure that it doesn't overflow the buffer no
matter what the size of the buffer is.

I wrote a fix and pushed to the git repo just now, it would be great if you
could try it out and see how it works!

The exact commit was:

https://github.com/bagder/curl/commit/ae291421984a266176df34f24d3a5e76d76ec7c8

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-01-01