I wonder why it was reported as a security risk.
My concern is the third gnutls_record_recv() call. 'maxlen' argument
of TLS_readline() was passed to the call as is, and TLS_readline()
callers *always pass the full size* of TLS_buffer[] as 'maxlen', but
pointer passed to the gnutls_record_recv()
I've just committed your patch to echoping and it seems to work but I
wonder why it was reported as a security risk. I do not immediately
see why.
signature.asc
Description: Digital signature
2 matches
Mail list logo
