[Privoxy-commits] [privoxy] 01/08: ssl_send_certificate_error(): Store the generated message on the heap instead of the stack
User Git
git at git.privoxy.org
Sun May 31 09:38:24 CEST 2026
This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository privoxy.
commit 4963aa4f08a378d0ea8a89433a95c3948a14bb9e
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Fri May 15 07:35:54 2026 +0200
ssl_send_certificate_error(): Store the generated message on the heap instead of the stack
... to prevent an alleged segmentation fault if there are enough
certificates in the chain to exceed the stack size.
While at it, replace another variable-length array that
was probably unproblematic with a heap-based buffer as well.
OVE-20260515-0001.
Reported by @TristanInSec.
---
ssl_common.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/ssl_common.c b/ssl_common.c
index 900e3eba..cb93ac05 100644
--- a/ssl_common.c
+++ b/ssl_common.c
@@ -380,8 +380,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
/*
* Joining all blocks in one long message
*/
- char message[message_len];
- memset(message, 0, message_len);
+ char *message = zalloc_or_die(message_len);
strlcpy(message, message_begin, message_len);
strlcat(message, reason , message_len);
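Review bot: message_len reaches zalloc_or_die() at the new allocation with no upper bound visible in this hunk, so a chain long enough to exhaust the stack before can now request an equally large heap buffer, and judging by its name the allocator ends the process when the request fails. Consider capping message_len (or the number of certificates rendered) before allocating and sending a shortened error page once the cap is reached. The removed memset() is presumably covered by zalloc_or_die() returning zeroed memory; a word in the comment above the allocation would make that explicit.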
@@ -395,9 +394,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
/* +1 for terminating null */
size_t base64_len = 4 * ((strlen(cert->file_buf) + 2) / 3) + 1;
size_t olen = 0;
- char base64_buf[base64_len];
-
- memset(base64_buf, 0, base64_len);
+ char *base64_buf = zalloc_or_die(base64_len);
/* Encoding certificate into base64 code */
ret = ssl_base64_encode((unsigned char*)base64_buf,
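Review bot: base64_buf is now allocated once per certificate inside the loop, so every way out of this block has to reach a free, including whatever is done with ret when ssl_base64_encode() fails. If that error handling returns or continues before the end of the block, the buffer leaks for each failing certificate; free it on that path too, or allocate a single buffer outside the loop and reuse it.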
@@ -420,6 +417,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
strlcat(message, base64_buf, message_len);
strlcat(message, "\">Download certificate</a>", message_len);
}
+ freez(base64_buf);
}
cert = cert->next;
@@ -442,6 +440,7 @@ extern void ssl_send_certificate_error(struct client_state *csp)
(void)ssl_send_data(ssl_attr, (const unsigned char *)message, strlen(message));
free_certificate_chain(csp);
+ freez(message);
log_error(LOG_LEVEL_CRUNCH, "Certificate error: %s: https://%s%s",
reason, csp->http->hostport, csp->http->path);
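Review bot: freez(message) covers only the path that falls through to ssl_send_data(); any return between the allocation and this line would now leak message, where the old stack array needed no cleanup. Check the function for early exits in that range and route them through a common cleanup point that frees the buffer.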
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.