ocserv: http parsing flaw results in disabled DTLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu May 16 17:06:35 EDT 2013
On Thu, 16 May 2013 16:18:00 +0300
Faidon Liambotis <paravoid at debian.org> wrote:
> Hi,
> [ not subscribed to the list, Cc me on replies please ]
> I'm trying ocserv 0.1.2 in combination with Debian wheezy's
> openconnect (3.20). It looks like there is a bug in the way ocserv
> uses the http-parser library that results in misparsing the HTTP
> headers and X-DTLS-Master-Secret specifically, which in turn results
> in DTLS being disabled.
> More specifically, ocserv reads from the socket and feeds the buffer
> to http-parser as it goes, with http-parser potentially trying to
> parse partial header fields/values.
Hello Faidon,
I think I have received this bug report before, but it seems I never
solved it. By looking at it, it is quite some work to rewrite that
part. I'll try to check it as soon.
regards,
Nikos
More information about the openconnect-devel
mailing list