Fwd: GNU Libtasn1 2.12 released

Simon Josefsson simon at josefsson.org
Tue Mar 20 12:43:10 CET 2012

Tomas Hoger <thoger at redhat.com> writes:

> Nikos Mavrogiannopoulos writes:
>> Note that the bug fixed affects all gnutls versions.
> Nikos, should the above be read as "all gnutls versions include
> libtasn1 versions affected by this problem" or "gnutls uses
> asn1_get_length_der incorrectly too"?  Have you managed to
> confirm the issue in gnutls and can possibly comment on known
> possible impacts (e.g. TLS client can trigger this on TLS server
> by providing a crafted client certificate during handshake)?

There is a self-test in GnuTLS about this, see
tests/suite/invalid-cert*.  It contains a crafted cert which triggers
the bug, to cause a crash.

