On Tue, Nov 11, 2008 at 04:55:57PM +0100, Simon Josefsson wrote:
> I think we have identified the problem, see:
>
> http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3216/focus=3230
>
> That patch at least solves the vulnerability and the crash, so possibly
> it could be uploaded to debian to avoid further troubles until we have
> released a 2.6.2 with a good fix.

You mean just removing this code snippet instead of moving it?

  /* Check if the last certificate in the path is self signed.
   * In that case ignore it (a certificate is trusted only if it
   * leads to a trusted party by us, not the server's).
   */
  if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
                                    certificate_list[clist_size - 1]) > 0
      && clist_size > 0)
    {
      clist_size--;
    }

Yes, this works. However, I wonder whether this code has any use. If so,
wouldn't it help to just use "clist_size > 1" instead of "clist_size > 0"?
The > 0 test is bogus if you access clist_size - 1 afterwards, but with the
> 1 test it works for me as well, i.e. no segfault anymore.

Michael
-- 
Michael Meskes
Michael at Fam-Meskes dot De, Michael at Meskes dot (De|Com|Net|Org)
Michael at BorussiaFan dot De, Meskes at (Debian|Postgresql) dot Org
ICQ: 179140304, AIM/Yahoo: michaelmeskes, Jabber: [EMAIL PROTECTED]
Go VfL Borussia! Go SF 49ers! Use Debian GNU/Linux! Use PostgreSQL!
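The two guards discussed in the message above, as an added example that is not part of the original mail and is not GnuTLS code: the size test is evaluated before the index, and the `min_keep` argument switches between the "> 0" and "> 1" variants. `toy_cert`, `toy_check_issuer`, `trim_self_signed` and `min_keep` are hypothetical names, and the chains are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a parsed certificate: only the two names matter here. */
struct toy_cert { const char *subject; const char *issuer; };

/* Hypothetical helper in the role of gnutls_x509_crt_check_issuer():
 * returns 1 when `issuer` issued `cert` (name comparison only). */
static int toy_check_issuer(const struct toy_cert *cert, const struct toy_cert *issuer)
{
    return strcmp(cert->issuer, issuer->subject) == 0;
}

/* Constructed sample chains: server -> intermediate -> self-signed root,
 * and a list holding a single self-signed certificate. */
static const struct toy_cert chain[] = {
    { "CN=server", "CN=intermediate" },
    { "CN=intermediate", "CN=root" },
    { "CN=root", "CN=root" },
};
static const struct toy_cert lone[] = { { "CN=selfsigned", "CN=selfsigned" } };

/* Drop a trailing self-signed certificate while keeping at least `min_keep`
 * entries. The size tests come first, so list[n - 1] is only read when
 * n >= 1 (&& short-circuits left to right). */
static int trim_self_signed(const struct toy_cert *list, int n, int min_keep)
{
    if (n > min_keep && n > 0 && toy_check_issuer(&list[n - 1], &list[n - 1]))
        n--;
    return n;
}

int main(void)
{
    printf("3-cert chain, guard > 1:     %d\n", trim_self_signed(chain, 3, 1));
    printf("lone self-signed, guard > 0: %d\n", trim_self_signed(lone, 1, 0));
    printf("lone self-signed, guard > 1: %d\n", trim_self_signed(lone, 1, 1));
    printf("empty list:                  %d\n", trim_self_signed(lone, 0, 0));
    return 0;
}
```

With the "> 0" guard a list holding one self-signed certificate is trimmed to length 0, so any later use of index `clist_size - 1` is out of range; the "> 1" guard leaves that list at length 1.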