[stunnel-users] xforwardfor-patch

Michal Trojnara Michal.Trojnara at mobi-com.net
Thu Dec 30 09:53:14 CET 2004

Previous message (by thread): [stunnel-users] xforwardfor-patch
Next message (by thread): [stunnel-users] xforwardfor-patch
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexander Lazic wrote:

> i have attached my xforwardfor-patch for stunnel-4.06 ;-)
[cut]
> /* make room for X-Forwarded-For header */
> memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)

Nice remote buffer overflow exploit is possible here:
(when c->ssl_ptr + c->header_length >= BUFFSIZE)

Best regards,
    Mike

Previous message (by thread): [stunnel-users] xforwardfor-patch
Next message (by thread): [stunnel-users] xforwardfor-patch
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stunnel-users mailing list