[pubcookie-dev] keyserver: unterminated string bug/patch

Eric Mumpower emumpowe at akamai.com
Tue Dec 18 13:37:26 PST 2007

Previous message: [pubcookie-dev] can't increase username lenght in pubcookie code :-(
Next message: [pubcookie-dev] keyserver: unterminated string bug/patch
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I noticed that when I ran keyserver with verbose logging enabled, the
log entries containing "REQ=" strings often ended with random binary
garbage. This was being caused by a call to SSL_read() which ignored
the returned value indicating the number of bytes actually read.

I didn't figure out any way to leverage this into an exploit or DOS,
but it does make verbose logging less useful.

The attached patch fixes this bug.

Cheers,
Eric

-------------- next part --------------
A non-text attachment was scrubbed...
Name: keyserver-unterm.patch
Type: text/x-patch
Size: 1341 bytes
Desc:
Url : http://mailman1.u.washington.edu/pipermail/pubcookie-dev/attachments/20071218/a6ed57bd/keyserver-unterm.bin

Previous message: [pubcookie-dev] can't increase username lenght in pubcookie code :-(
Next message: [pubcookie-dev] keyserver: unterminated string bug/patch
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the pubcookie-dev mailing list