Two weeks ago, an interesting commit appeared in the GnuTLS repository.
2014-05-23 19:50 Nikos Mavrogiannopoulos <nmav@gnutls.org>
Prevent memory corruption due to server hello parsing.
The patch adds a second check to verify the boundary of the session id size.
- if (len < session_id_len) {
+ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) {
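Review bot: the original condition bounds session_id_len only against len, the bytes still remaining in the packet, so any session id length that fits on the wire passes even when it exceeds the TLS_MAX_SESSION_ID_SIZE bytes the destination buffer holds; the added `session_id_len > TLS_MAX_SESSION_ID_SIZE` clause closes that, and a regression test feeding a server hello whose session id length exceeds TLS_MAX_SESSION_ID_SIZE would be worth committing alongside it so the check cannot be dropped silently later.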
The memory corruption keywords triggered my attention, and just 6 days later another funny commit appeared
More here: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
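To make the two-part check concrete, here is an added, self-contained C sketch of a server hello parser that copies the session id into a fixed-size buffer and applies both tests from the patch; it is not GnuTLS code, the message layout is reduced to version, random, length byte and session id, and TLS_MAX_SESSION_ID_SIZE is assumed to be 32.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_MAX_SESSION_ID_SIZE 32   /* assumed value of the GnuTLS constant */
#define HELLO_HDR (2 + 32 + 1)       /* version + random + session_id_len byte */

/* Fixed-size destination: what an unchecked session_id_len would overrun. */
typedef struct {
    uint8_t session_id[TLS_MAX_SESSION_ID_SIZE];
    size_t session_id_len;
} server_hello_t;

/* Hardened parse. Returns 0 on success, -1 if the message is malformed. */
int parse_server_hello(const uint8_t *data, size_t len, server_hello_t *out)
{
    if (len < HELLO_HDR)
        return -1;
    size_t session_id_len = data[HELLO_HDR - 1];
    len -= HELLO_HDR;
    /* First test guards the source (bytes left on the wire), second guards
       the destination (buffer capacity); the second is what the patch adds. */
    if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE)
        return -1;
    memcpy(out->session_id, data + HELLO_HDR, session_id_len);
    out->session_id_len = session_id_len;
    return 0;
}

/* Constructed ServerHello: zero version/random, a length byte of sid_len,
   then `avail` session-id bytes (0,1,2,...). Returns the parse result. */
static int parse_constructed(uint8_t sid_len, size_t avail, server_hello_t *h)
{
    uint8_t buf[HELLO_HDR + 255] = {0};
    buf[HELLO_HDR - 1] = sid_len;
    for (size_t i = 0; i < avail; i++)
        buf[HELLO_HDR + i] = (uint8_t)i;
    return parse_server_hello(buf, HELLO_HDR + avail, h);
}

/* Well-formed, oversized (the bug class) and truncated inputs; 1 if all behave. */
int parser_rejects_bad_lengths(void)
{
    server_hello_t h;
    int ok = parse_constructed(32, 32, &h) == 0 && h.session_id[31] == 31;
    ok = ok && parse_constructed(200, 200, &h) == -1;  /* fits wire, not buffer */
    return ok && parse_constructed(32, 10, &h) == -1;  /* claims more than follows */
}
```

Dropping the second clause of the `if` makes the 200-byte case pass the check and overrun `session_id`, which is the memory corruption the commit message refers to.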