[stunnel-users] xforwardfor-patch
Alexander Lazic
al-stunnel at none.at
Thu Dec 30 10:00:24 CET 2004
On Don 30.12.2004 09:53, Michal Trojnara wrote:
>Alexander Lazic wrote:
>
>>i have attached my xforwardfor-patch for stunnel-4.06 ;-)
>[cut]
>>/* make room for X-Forwarded-For header */
>>memmove(eol+1+c->header_length, eol+1, (eol - c->ssl_buff)
>
>Nice remote buffer overflow exploit is possible here:
>(when c->ssl_ptr + c->header_length >= BUFFSIZE)
Oh thanx i will update the patch ;-)
al ;-)
More information about the stunnel-users
mailing list