Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 4 Nov 2016 09:52:32 +0100
From: Hanno Böck <>
Subject: Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use
 wrong host

On Wed, 2 Nov 2016 11:07:45 +0000
Stuart Henderson <> wrote:

> This switches to using libidn2,
> Has anyone poked at it much yet?

I poked a bit.
Nothing spectacular, a stac underread (accesses -1 of array), but only
in the command line tool:

And a memleak (not committed yet, sent to the maintianer).

It's only one function, so it's not too much to test.

Hanno Böck

GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ