Hi! Thanks for the patch, I've applied it as SVN 14185. However, I should mention that the respective branch (1st argument NULL) is never taken (I've checked all call-sites, NULL is never passed), so the overflow is in code that is definitively dead. Still good to fix, but not a security issue (in case someone cares).
Happy hacking! Christian On Saturday, January 15, 2011 09:51:36 pm Stanislav Ochotnicky wrote: > Attached patch should fix bug mentioned in [1]. memset function was used > incorrectly with address of a pointer instead of address where pointer > was pointing thus causing buffer overflow and possibly other problems. > > The 0.9.x versions don't seem to be affected since the identity > application doesn't exist there if I am not mistaken. > > [1] https://bugs.gentoo.org/show_bug.cgi?id=339355 _______________________________________________ GNUnet-developers mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnunet-developers
