Nikos Mavrogiannopoulos wrote: > We only use file > support to open configuration files, or files containing certificates, > files that if they exceed 2GB then something is wrong.
Indeed, after taking a look at gnutls-3.0.6/lib/opencdk/keydb.[hc] I can even tell you what will be wrong: If someone creates a keyring file with size > 4 GB, then the key at offset 2^32 + o will be confused with the key at offset o. _Even_ if off_t is 64-bit. Because the off_t value is stored as 32 bits in an index file used for searching. And the function cdk_file_armor in gnutls-3.0.6/lib/opencdk/armor.c (is this the same function as "gpg -a"?) ought to work with arbitrarily large binary files, right? We have the following call chain: cdk_file_armor -> cdk_stream_open -> _cdk_stream_open_mode -> fopen which has the potential to misbehave if fopen() is not the same as fopen64. [1] Bruno [1] http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=blob;f=doc/posix-functions/fopen.texi;hb=HEAD -- In memoriam Hannah Szenes <http://en.wikipedia.org/wiki/Hannah_Szenes>
