Marc-André Moreau wrote, On 06/04/2011 09:41 PM: > There appears to be a potential buffer overflow that manifests itself > in less subtle ways in the Windows build. I am using Visual C++ > Express 2010. > > I've just spent about an hour or two trying to figure out where the > buffer overflow was, but couldn't find it yet. The crash happens in > sec_verify_tls, but doesn't consistently crash at the same place, > depending on how you start changing the code in that area. My guess is > that there is a buffer overflow somewhere before that part of the > code, that will corrupt certain parts of memory, but the effects of > the corruption are only seen down the road when sec_verify_tls gets > called. > > I recall we once had a similar problem, where the buffer overflow was > caused by a static length used for a certain key size. With certain > servers, the key was longer than the static length, meaning that the > buffer overflow would only occur when connecting to certain servers. > I'm connecting to Windows 7 SP1, so maybe we're facing a similar > problem again. > > Has anybody else been experiencing similar issues?
That sounds like the http://www.openssl.org/support/faq.html#PROG2 issue I solved Marts 9th. /Mads ------------------------------------------------------------------------------ EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev _______________________________________________ Freerdp-devel mailing list Freerdp-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/freerdp-devel
