[PATCH] fix segfault due to uninitialized variable

Joe Orton joe at manyfish.co.uk
Wed Jul 31 12:16:43 EDT 2013


On Thu, Nov 22, 2012 at 12:40:10PM +0100, Matthias Petschick wrote:
> x509_crt_copy in ne_gnutls.c depends on the local size variable being 0
> (or small enough) so that the subsequent call to gnutls_x509_crt_export
> updates the variable to the correct size to hold the certificate. Since
> size is used uninitialized, the value for it is undefined and more than
> likely not 0, resulting in gnutls_x509_crt_export not returning
> GNUTLS_E_SHORT_MEMORY_BUFFER and consequently x509_crt_copy returning NULL.
> This is not caught by make_peers_chain which then passes the NULL
> pointer to populate_cert, which eventually causes a segfault down the
> road when NULL is dereferenced by get_dn in gnutls.

Belatedly, thanks for this - pushed to trunk.

Regards, Joe
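
The failure mode described in this thread, as an added example that is not neon's code and not part of the original messages. `mock_export`, `copy_cert`, the error values and the sample bytes are hypothetical stand-ins that model the size-query contract the report attributes to gnutls_x509_crt_export; the `initial` parameter models the garbage an uninitialized `size` would hold.

```c
#include <stdlib.h>
#include <string.h>

#define E_SHORT_BUFFER (-2) /* stand-in for GNUTLS_E_SHORT_MEMORY_BUFFER */

/* Constructed bytes standing in for an encoded certificate. */
static const unsigned char SAMPLE[] = { 0x30, 0x03, 0x02, 0x01, 0x2a };

/* Hypothetical export call modelling the size-query contract in the report:
 * the short-buffer code comes back only when *size is too small. */
static int mock_export(unsigned char *out, size_t *size)
{
    if (*size < sizeof SAMPLE) {
        *size = sizeof SAMPLE;   /* tell the caller how much to allocate */
        return E_SHORT_BUFFER;
    }
    if (out == NULL)
        return -1;               /* large *size but no buffer: other error */
    memcpy(out, SAMPLE, sizeof SAMPLE);
    *size = sizeof SAMPLE;
    return 0;
}

/* `initial` is the value size holds before the query: stack garbage in the
 * buggy code, always 0 once the variable is initialized. */
static unsigned char *copy_cert(size_t initial, size_t *len)
{
    size_t size = initial;
    unsigned char *buf;
    if (mock_export(NULL, &size) != E_SHORT_BUFFER)
        return NULL;             /* the size query never reported a length */
    if ((buf = malloc(size)) == NULL)
        return NULL;
    if (mock_export(buf, &size) != 0) {
        free(buf);
        return NULL;
    }
    *len = size;
    return buf;
}

int main(void)
{
    size_t len = 0;
    unsigned char *ok = copy_cert(0, &len);  /* initialized size: copy works */
    /* A garbage size yields NULL, which the caller has to check for. */
    int as_expected = ok != NULL && copy_cert(4096, &len) == NULL;
    free(ok);
    return as_expected ? 0 : 1;
}
```

Both halves of the report show up here: initializing `size` to 0 makes the query reliable, and the caller still needs a NULL check because the copy can fail for other reasons such as allocation failure.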
