ijackson at chiark.greenend.org.uk
Mon Sep 22 16:49:44 BST 2014
> Right. Now I think I have some kind of an explanation. The problem
> does seem to be in buf_remaining_space, because when my watchpoint on
> st->buff goes off, the code being executed is in buf_append_uint8, on
> a buffer looking like this:

Simon's explanation, sent to me by private email, was entirely
correct. Here is the patch he sent me, with a commit message added by
Thanks very much to Simon.
I have taken the liberty of adding my own Signed-off-by, since I trust
Simon has no objection to us distributing this fix in secnet (hence
under the GPLv3+).

[PATCH 1/1] SECURITY: fixed fix to buffer handling
More information about the sgo-software-discuss