Date: Fri, 4 Nov 2016 09:52:32 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: Re: [SECURITY ADVISORY] IDNA 2003 makes curl use wrong host

On Wed, 2 Nov 2016 11:07:45 +0000
Stuart Henderson <stu@...cehopper.org> wrote:

> This switches to using libidn2,
[...]
> Has anyone poked at it much yet?

I poked a bit. Nothing spectacular, a stack underread (accesses -1 of
array), but only in the command line tool:
https://gitlab.com/jas/libidn2/commit/3e3742321e7a280874903a7f7ae9bae7852c3415

And a memleak (not committed yet, sent to the maintainer).

It's only one function, so it's not too much to test.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42