[pubcookie-dev] keyserver: unterminated string bug/patch
emumpowe at akamai.com
Tue Dec 18 13:37:26 PST 2007
I noticed that when I ran keyserver with verbose logging enabled, the
log entries containing "REQ=" strings often ended with random binary
garbage. This was being caused by a call to SSL_read() which ignored
the returned value indicating the number of bytes actually read.
I didn't figure out any way to leverage this into an exploit or DOS,
but it does make verbose logging less useful.
The attached patch fixes this bug.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1341 bytes
Url : http://mailman1.u.washington.edu/pipermail/pubcookie-dev/attachments/20071218/a6ed57bd/keyserver-unterm.bin
More information about the pubcookie-dev