Nikos Mavrogiannopoulos nmav@gnutls.org writes:
On Sun, 2013-12-15 at 19:19 +0100, Niels Möller wrote:
Checked in now, with minor changes (deleted the out_n argument for gmp_alloc, and moved the TMP_GMP_* macros to gmp-glue.h).
Would that be included in a 2.7 release?
I don't currently plan any 2.7.2 bugfix release. I'm thinking that this problem is not serious enough to motivate a new release. If some more urgent reason to make a release comes up, we can consider backporting this change.
Or have you seen any real problems caused by this? That would be an application accepting an arbitrarily large RSA keys from an untrusted source, and passing it on to nettle without any limit to prevent DoS. In that scenario, it could be a real problem.
Regards, /Niels