(ITS#5361) cert verification failures with GnuTLS and DNS subjectAltName

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Fri Feb 15 15:58:46 CET 2008


Indeed, I'll try to improve this patch to work only for formats known
to be text.

On Fri, Feb 15, 2008 at 12:34 AM, Joe Orton <joe at manyfish.co.uk> wrote:
> On Sun, Feb 10, 2008 at 01:58:37AM -0800, Howard Chu wrote:
>  > Yes. I've just tested with GnuTLS 2.2.1 and 2.3.0 and see the same result
>  > you're seeing. The change is here:
>  > http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=deaa3ac31c2e83c292562ab66c1817c7ebc27048
>  >
>  > and it is clearly a bug, since subjectAltNames are not necessarily
>  > strings. (E.g., they can also be IP addresses, which are just 4 or 16
>  > octets.) If you notice in the diff, they set
>  >        *name_size = len + 1;
>  > and then later
>  >       name[len] = 0;
>  > but this occurs *after* the check for SHORT_MEMORY_BUFFER. So in fact they
>  > can cause a write past the end of the supplied buffer.
>  >
>  > This patch should be reverted, it is clearly wrong.
>
>  FWIW, I agree.  neon's test cases for subjectAltName support are
>  breaking with 2.3.0 as well.  Reverting the changeset Howard referenced
>  fixes the issues.
>
>  joe
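The defect Howard describes above (the short-buffer check done against the old length, the terminator written at name[len] afterwards, and binary SAN types such as IP addresses being treated as strings) is easy to reproduce in isolation. The following is an added example, not GnuTLS code and not code from anyone in this thread: the function names, the return codes (SAN_SHORT_BUFFER stands in for SHORT_MEMORY_BUFFER), and the sample values are assumptions made for the illustration. The buggy variant writes into a canary byte placed just past the declared buffer size; the fixed variant sizes the check to what it actually writes and terminates only the IA5String types.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* GeneralName CHOICE tag numbers from RFC 5280. */
enum san_type {
    SAN_RFC822NAME = 1,
    SAN_DNSNAME    = 2,
    SAN_URI        = 6,
    SAN_IPADDRESS  = 7
};

#define SAN_OK            0
#define SAN_SHORT_BUFFER  (-1)   /* hypothetical stand-in for SHORT_MEMORY_BUFFER */
#define SAN_BAD_VALUE     (-2)

/* Only these types are IA5String on the wire and may be handled as C strings;
   iPAddress is 4 or 16 raw octets and must never be NUL-terminated. */
static int san_is_text(int type)
{
    return type == SAN_RFC822NAME || type == SAN_DNSNAME || type == SAN_URI;
}

/* Shape of the bug under discussion: the size check compares against len,
   but len + 1 bytes are written, and this is done regardless of SAN type.
   A buffer of exactly len bytes is accepted and name[len] lands past its end. */
int san_copy_buggy(const uint8_t *value, size_t len, void *name, size_t *name_size)
{
    if (*name_size < len) {
        *name_size = len + 1;
        return SAN_SHORT_BUFFER;
    }
    memcpy(name, value, len);
    *name_size = len + 1;
    ((uint8_t *)name)[len] = 0;        /* written after the check: one byte overrun */
    return SAN_OK;
}

/* Fixed variant. On SAN_SHORT_BUFFER, *name_size is set to the size the caller
   must allocate (terminator included for text types). On success, *name_size
   is the length of the value; the terminator for text types is extra. */
int san_copy_fixed(int type, const uint8_t *value, size_t len,
                   void *name, size_t *name_size)
{
    size_t needed = san_is_text(type) ? len + 1 : len;
    if (name == NULL || *name_size < needed) {
        *name_size = needed;
        return SAN_SHORT_BUFFER;       /* nothing has been written */
    }
    /* An embedded NUL inside a hostname would silently truncate it for any
       C-string consumer, so refuse it rather than hand back a shorter name. */
    if (san_is_text(type) && memchr(value, '\0', len) != NULL)
        return SAN_BAD_VALUE;
    memcpy(name, value, len);
    if (san_is_text(type))
        ((uint8_t *)name)[len] = 0;
    *name_size = len;
    return SAN_OK;
}

/* Constructed demonstration: a 4-octet iPAddress SAN copied into a buffer the
   caller declares as 4 bytes. backing[4] is a canary just past that size.
   Returns 1 if the buggy copy clobbered the canary, i.e. wrote out of bounds. */
int demo_buggy_overruns_ipaddress(void)
{
    const uint8_t ip[4] = {192, 0, 2, 1};   /* constructed value, RFC 5737 TEST-NET-1 */
    uint8_t backing[8];
    size_t size = 4;
    memset(backing, 0xAA, sizeof backing);
    int rc = san_copy_buggy(ip, sizeof ip, backing, &size);
    return rc == SAN_OK && backing[4] != 0xAA;
}

/* Same value through the fixed copy: succeeds, reports 4 bytes, canary intact. */
int demo_fixed_keeps_ipaddress_raw(void)
{
    const uint8_t ip[4] = {192, 0, 2, 1};
    uint8_t backing[8];
    size_t size = 4;
    memset(backing, 0xAA, sizeof backing);
    int rc = san_copy_fixed(SAN_IPADDRESS, ip, sizeof ip, backing, &size);
    return rc == SAN_OK && size == 4 && backing[4] == 0xAA;
}

/* A dNSName into a buffer of exactly len bytes: the fixed copy must reject it
   (it needs len + 1) and tell the caller the required size, touching nothing. */
int demo_fixed_rejects_short_text_buffer(void)
{
    const char *dns = "example.org";           /* constructed sample name */
    size_t len = strlen(dns);
    uint8_t backing[16];
    size_t size = len;
    memset(backing, 0xAA, sizeof backing);
    int rc = san_copy_fixed(SAN_DNSNAME, (const uint8_t *)dns, len, backing, &size);
    return rc == SAN_SHORT_BUFFER && size == len + 1 && backing[len] == 0xAA;
}

int main(void)
{
    printf("buggy overruns iPAddress buffer: %d\n", demo_buggy_overruns_ipaddress());
    printf("fixed keeps iPAddress raw:       %d\n", demo_fixed_keeps_ipaddress_raw());
    printf("fixed rejects short text buffer: %d\n", demo_fixed_rejects_short_text_buffer());
    return 0;
}
```

The two decisions that matter are visible in san_copy_fixed: the size check is computed from the number of bytes the function will actually write, so the SHORT_MEMORY_BUFFER path can never be followed by a write; and the terminator is added only for the types that are strings on the wire, which is the "only for formats known to be text" restriction Nikos proposes.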