Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c

Tim Kosse tim.kosse at
Sat Jun 20 00:13:03 CEST 2009

The size of the sizeof_escaped string in _gnutls_x509_parse_dn is one
byte too short.

The length passed to str_escape includes the terminating null, yet the
size calculation for sizeof_escaped does not.

The attached patch corrects this problem.

To reproduce:

Using GnuTLS 2.8.1
Run gnutls-cli -p 443
It prints the following value for the OID in the subject of
certificate 0:

It's missing one character at the end, it should have printed:

Tim Kosse
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gnutls_dn.patch
URL: </pipermail/attachments/20090620/f8c3591d/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090620/f8c3591d/attachment.pgp>

More information about the Gnutls-devel mailing list