30 Dec
2004
30 Dec
'04
8:53 a.m.
Alexander Lazic wrote:
i have attached my xforwardfor-patch for stunnel-4.06 ;-)
[cut]
/* make room for X-Forwarded-For header */ memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)
Nice remote buffer overflow exploit is possible here: (when c->ssl_ptr + c->header_length >= BUFFSIZE)
Best regards, Mike