Re: [tinydtls-dev] Buffer overflow in certificate request message

[Olaf Bergmann <bergmann@xxxxxxx>]

Hello Stephan,

Stephan Zeisberg <stephan@xxxxxxxxx> writes:

> Please let me know if this is the correct channel to report this
> security issue or if you need further information to reproduce the
> issue.

Thank you for sharing this information. This mailing list is a perfect
location for this. An alternative location would have been the issue
tracker in the GH project at https://github.com/eclipse/tinydtls/issues.

Looking at the source code, the bug is obvious, so no more information
is required. It would have been useful to check if this bug was already
fixed in the develop tree (the master is updated only for releases which
do not yet exist; A quick glance at the develop branch reveals that it
also contains this bug.)

Grüße
Olaf

Attachment: signature.asc
Description: PGP signature