Date: Fri, 4 Nov 2016 09:52:32 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use
 wrong host

On Wed, 2 Nov 2016 11:07:45 +0000
Stuart Henderson <stu@...cehopper.org> wrote:

> This switches to using libidn2,
[...]
> Has anyone poked at it much yet?

I poked a bit.
Nothing spectacular, a stack underread (accesses -1 of array), but only
in the command line tool:
https://gitlab.com/jas/libidn2/commit/3e3742321e7a280874903a7f7ae9bae7852c3415

And a memleak (not committed yet, sent to the maintainer).

It's only one function, so it's not too much to test.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
