Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c

Simon Josefsson simon at
Mon Jun 22 11:44:47 CEST 2009

Tim Kosse <tim.kosse at> writes:

> The size of the sizeof_escaped string in _gnutls_x509_parse_dn is one
> byte too short.
> The length passed to str_escape includes the terminating null, yet the
> size calculation for sizeof_escaped does not.
> The attached patch corrects this problem.
> To reproduce:
> Using GnuTLS 2.8.1
> Run gnutls-cli -p 443
> It prints the following value for the OID in the subject of
> certificate 0:
> #1405383038303
> It's missing one character at the end, it should have printed:
> #14053830383037

Fixed in

I also added a regression check to catch future problems in this area:


More information about the Gnutls-devel mailing list