[stunnel-users] xforwardfor-patch

Alexander Lazic al-stunnel at none.at
Thu Dec 30 10:00:24 CET 2004

On Don 30.12.2004 09:53, Michal Trojnara wrote:
>Alexander Lazic wrote:
>>i have attached my xforwardfor-patch for stunnel-4.06 ;-)
>>/* make room for X-Forwarded-For header */
>>memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)
>Nice remote buffer overflow exploit is possible here:
>(when c->ssl_ptr + c->header_length >= BUFFSIZE)

Oh thanx i will update the patch ;-)

al ;-)

More information about the stunnel-users mailing list