Issue 6252 - GnuTLS subjectAltNames broken
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd
Version: 2.4.17
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
Reported: 2009-08-12 22:36 UTC by Quanah Gibson-Mount
Modified: 2014-08-01 21:03 UTC

Attachments
0001-Fix-XMPP-parsing.patch (669 bytes, patch)
2009-08-12 22:54 UTC, Howard Chu
Description Quanah Gibson-Mount 2009-08-12 22:36:37 UTC
Full_Name: Quanah Gibson-Mount
Version: 2.4.17
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)


GnuTLS fails to parse certain subjectAltNames and returns spurious SHORT_BUFFER
error.

We passed in a buffer size of 1025, and it's internally overwriting it with a
size of only 31 and then complaining that 31 is too small.
Comment 1 Howard Chu 2009-08-12 22:54:52 UTC
quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.17
> OS: NA
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.29.239)
>
>
> GnuTLS fails to parse certain subjectAltNames and returns spurious SHORT_BUFFER
> error.
>
> We passed in a buffer size of 1025, and it's internally overwriting it with a
> size of only 31 and then complaining that 31 is too small
>
The bug was reported against Ubuntu jaunty originally, and still exists in 
current GnuTLS git. So it appears to affect at least 2.4.2-present. The fix is 
trivial and is attached below. I will also submit this to the GnuTLS bug tracker.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
Comment 2 Howard Chu 2009-08-12 22:57:59 UTC
hyc@symas.com wrote:
> The bug was reported against Ubuntu jaunty originally, and still exists in
> current GnuTLS git. So it appears to affect at least 2.4.2-present. The fix is
> trivial and is attached below. I will also submit this to the GnuTLS bug tracker.

This is https://savannah.gnu.org/support/index.php?106975

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 3 Howard Chu 2009-08-12 23:05:36 UTC
changed notes
changed state Open to Feedback
Comment 4 Howard Chu 2009-09-29 00:29:32 UTC
Howard Chu wrote:
> hyc@symas.com wrote:
>> The bug was reported against Ubuntu jaunty originally, and still exists in
>> current GnuTLS git. So it appears to affect at least 2.4.2-present. The fix is
>> trivial and is attached below. I will also submit this to the GnuTLS bug tracker.
>
> This is https://savannah.gnu.org/support/index.php?106975
>
It looks like the fix for this was released in GnuTLS 2.9.4. Closing this ITS.
(Current release is 2.9.6)
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 5 Howard Chu 2009-09-29 00:35:03 UTC
changed notes
changed state Feedback to Closed
Comment 6 OpenLDAP project 2014-08-01 21:03:40 UTC
GnuTLS bug, fixed in 2.8.4 and 2.9.4
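
The symptom reported in this issue (a 1025-byte buffer whose length comes back as 31 together with a short-buffer error), as an added example that is not part of the issue or of GnuTLS: a constructed C model of an in/out length parameter clobbered by an internal scratch length, its corrected form, and a caller-side check that flags the spurious error. The 32-byte scratch buffer, the function names and the error value are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define E_SHORT_BUFFER (-51)   /* constructed error code for this model */

/* Defective model (assumed mechanism): the caller's in/out *size doubles as
 * the length of an internal 32-byte scratch buffer and is never restored. */
int get_name_buggy(const char *oid, const char *value, char *buf, size_t *size)
{
    char scratch[32];
    *size = sizeof(scratch) - 1;          /* caller's 1025 becomes 31 */
    strncpy(scratch, oid, *size);         /* read the name-type OID */
    scratch[*size] = '\0';
    size_t need = strlen(value) + 1;
    if (need > *size)
        return E_SHORT_BUFFER;            /* "31 is too small" */
    memcpy(buf, value, need);
    *size = need - 1;
    return 0;
}

/* Corrected model: the scratch length is a local; *size is written only with
 * the result length or with the size actually required. */
int get_name_fixed(const char *oid, const char *value, char *buf, size_t *size)
{
    char scratch[32];
    size_t scratch_len = sizeof(scratch) - 1;
    strncpy(scratch, oid, scratch_len);
    scratch[scratch_len] = '\0';
    size_t need = strlen(value) + 1;
    if (need > *size) { *size = need; return E_SHORT_BUFFER; }
    memcpy(buf, value, need);
    *size = need - 1;
    return 0;
}

typedef int (*get_name_fn)(const char *, const char *, char *, size_t *);

/* Caller-side check: 0 = ok, 1 = genuine short buffer, 2 = spurious (the
 * callee reports a size no larger than the buffer it was handed). */
int classify(get_name_fn fn, const char *oid, const char *value, size_t *out_len)
{
    char buf[1025];
    size_t supplied = sizeof(buf), size = supplied;
    int rc = fn(oid, value, buf, &size);
    *out_len = size;
    if (rc == 0) return 0;
    return (rc == E_SHORT_BUFFER && size <= supplied) ? 2 : 1;
}
```

A result of 2 from `classify` means the error cannot be fixed by retrying with the reported size, which points at the library rather than at the caller's buffer.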