Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c

Simon Josefsson simon at josefsson.org
Mon Jun 22 11:44:47 CEST 2009


Tim Kosse <tim.kosse at filezilla-project.org> writes:

> The size of the sizeof_escaped string in _gnutls_x509_parse_dn is one
> byte too short.
>
> The length passed to str_escape includes the terminating null, yet the
> size calculation for sizeof_escaped does not.
>
> The attached patch corrects this problem.
>
> To reproduce:
>
> Using GnuTLS 2.8.1
> Run gnutls-cli www.gmx.de -p 443
> It prints the following value for the 2.5.4.17 OID in the subject of
> certificate 0:
> #1405383038303
>
> It's missing one character at the end, it should have printed:
> #14053830383037

Fixed in

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2773e82dd323c2699f6846a7691bf4fba697703f

I also added a regression check to catch future problems in this area:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=08d35c08e7186119076c118ed35ade0e32e89b58

Thanks,
/Simon





More information about the Gnutls-devel mailing list