xforwardfor-patch - stunnel-users - stunnel.org

List overview All Threads
Download

xforwardfor-patch

A couple of patches against 4.06

stunnel 4.0.6 stunnel uid/gid...

Alexander Lazic

29 Dec 2004 29 Dec '04

3:33 p.m.

Hi,

i have attached my xforwardfor-patch for stunnel-4.06 ;-)

al ;-)

Attachments:

xforwardedfor.patch (text/plain — 4.2 KB)

Reply

Show replies by date

Michal Trojnara

30 Dec 30 Dec

8:53 a.m.

Alexander Lazic wrote:

i have attached my xforwardfor-patch for stunnel-4.06 ;-)

[cut]

/* make room for X-Forwarded-For header */ memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)

Nice remote buffer overflow exploit is possible here: (when c->ssl_ptr + c->header_length >= BUFFSIZE)

Best regards, Mike

Reply

Alexander Lazic

9 a.m.

On Don 30.12.2004 09:53, Michal Trojnara wrote:

Alexander Lazic wrote:

...
i have attached my xforwardfor-patch for stunnel-4.06 ;-)

[cut]

...
/* make room for X-Forwarded-For header */ memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)

Nice remote buffer overflow exploit is possible here: (when c->ssl_ptr + c->header_length >= BUFFSIZE)

Oh thanx i will update the patch ;-)

al ;-)

Reply

7267

Age (days ago)

7268

Last active (days ago)

stunnel-users@stunnel.org

2 comments

2 participants

tags (0)

participants (2)

Alexander Lazic
Michal Trojnara