[stunnel-users] xforwardfor-patch

• Previous message (by thread): [stunnel-users] xforwardfor-patch
• Next message (by thread): [stunnel-users] stunnel 4.0.6 stunnel uid/gid removal
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Don 30.12.2004 09:53, Michal Trojnara wrote:
>Alexander Lazic wrote:
>
>>i have attached my xforwardfor-patch for stunnel-4.06 ;-)
>[cut]
>>/* make room for X-Forwarded-For header */
>>memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)
>
>Nice remote buffer overflow exploit is possible here:
>(when c->ssl_ptr + c->header_length >= BUFFSIZE)

Oh thanx i will update the patch ;-)

al ;-)

• Previous message (by thread): [stunnel-users] xforwardfor-patch
• Next message (by thread): [stunnel-users] stunnel 4.0.6 stunnel uid/gid removal
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]