Security Bug due to Unchecked use of GnuTLS function
Yuan Jochen Kang
yjk2106 at columbia.edu
Sun Apr 10 19:20:32 EDT 2016
Dear Pidgin developers,
We are security researchers at Columbia University and the University of
Virginia. As part of a research project, we have built a tool for
automatically finding error handling bugs and are testing it on various
cryptographic libraries and applications that use them.
We discovered that failures of gnutls_x509_crt_init are sometimes ignored,
which could make the resulting certificate invalid.
Please let us know how you intend to address the following issue:
libpurple/plugins/ssl/ssl-gnutls.c, line 688:
static PurpleCertificate *
x509_import_from_datum(const gnutls_datum_t dt, gnutls_x509_crt_fmt_t mode)
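
The error-handling pattern this report concerns, as an added example that is not part of the original message or of Pidgin's code. crt_init, crt_import and crt_deinit are hypothetical stand-ins shaped like GnuTLS calls (0 on success, negative on failure), with a switch that injects an init failure so the example runs without the library.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-ins (assumptions, not the GnuTLS API): 0 = success, negative = failure. */
typedef struct { int imported; } *crt_t;
static int fail_init;     /* fault-injection switch for the demo */
static int import_calls;  /* counts how often the import step ran */

static int crt_init(crt_t *c) {
    if (fail_init) return -25;              /* constructed error code */
    *c = calloc(1, sizeof **c);
    return *c ? 0 : -25;
}
static int crt_import(crt_t c, const char *der) {
    import_calls++;
    if (der == NULL || *der == '\0') return -1;
    c->imported = 1;
    return 0;
}
static void crt_deinit(crt_t c) { free(c); }

/* Checked import: each return value gates the next step. */
crt_t import_checked(const char *der) {
    crt_t c = NULL;
    if (crt_init(&c) < 0)
        return NULL;          /* never use the handle after a failed init */
    if (crt_import(c, der) < 0) {
        crt_deinit(c);        /* release the handle on the error path */
        return NULL;
    }
    return c;
}

/* Returns 1 if a failed init is propagated and the import step is skipped. */
int init_failure_is_handled(void) {
    fail_init = 1;
    import_calls = 0;
    crt_t c = import_checked("constructed-der");  /* constructed sample input */
    fail_init = 0;
    return c == NULL && import_calls == 0;
}

int main(void) {
    printf("init failure handled: %d\n", init_failure_is_handled());
    crt_t ok = import_checked("constructed-der");
    printf("normal import: %s\n", ok ? "ok" : "failed");
    crt_deinit(ok);
    return 0;
}
```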