~andyrew

https://andrewzigerelli.com

Moving here from github.

Recent activity

[PATCH] gmnlm: host freed too early, causing UAF (a month ago)

From Andrew to ~sircmpwn/gmni-devel

The host variable is freed too early. If a client certificate is not
found, the later error message in the
GEMINI_STATUS_CLASS_CLIENT_CERTIFICATE_REQUIRED case uses the freed host
variable to produce an incorrect openssl command. This fix just delays
the free to after the switch statement.

Test case:
gmnlm gemini://feeds.drewdevault.com

Prior:
The following OpenSSL command will generate a certificate for this host:

openssl req -x509 -newkey rsa:4096 \
 -keyout /home/andrew/.local/share/gmni/certs/€Ú-=öU.key \
[message trimmed]
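The lifetime ordering the commit message describes, as an added example that is not gmni's code and not part of the original patch. The function names, enum values, `certs/` path and the `example.org` host are all hypothetical; only the pattern (free the host after the switch that may still read it) comes from the message.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status classes; names and values are illustrative, not gmni's. */
enum status_class { STATUS_SUCCESS = 2, STATUS_CERT_REQUIRED = 6 };

/* Stand-in for extracting the host from a URL: returns a heap copy. */
static char *dup_host(const char *url) {
    const char *p = strstr(url, "://");
    p = p ? p + 3 : url;
    size_t n = strcspn(p, "/:");
    char *h = malloc(n + 1);
    if (!h) return NULL;
    memcpy(h, p, n);
    h[n] = '\0';
    return h;
}

/* Fixed ordering: host stays alive across the switch and is freed once,
 * after the last case that can read it. With free(host) placed before the
 * switch, the CERT_REQUIRED case would format freed memory into the
 * suggested key path. */
int handle_response(const char *url, enum status_class sc,
                    char *out, size_t outlen) {
    if (!out || outlen == 0) return -1;
    out[0] = '\0';
    char *host = dup_host(url);
    if (!host) return -1;
    int n = 0;
    switch (sc) {
    case STATUS_CERT_REQUIRED:
        /* The error path still needs host to name the key file. */
        n = snprintf(out, outlen, "-keyout certs/%s.key", host);
        break;
    default:
        break;
    }
    free(host); /* single free, after every use */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Building a variant with the early free under AddressSanitizer (`-fsanitize=address`) reports the read in the certificate-required case as a heap-use-after-free.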