[stunnel-users] xforwardfor-patch

Michal Trojnara Michal.Trojnara at mobi-com.net
Thu Dec 30 09:53:14 CET 2004

Alexander Lazic wrote:

> i have attached my xforwardfor-patch for stunnel-4.06 ;-)
> /* make room for X-Forwarded-For header */
> memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)

Nice remote buffer overflow exploit is possible here:
(when c->ssl_ptr + c->header_length >= BUFFSIZE)

Best regards,

More information about the stunnel-users mailing list