Re: (ITS#6252) GnuTLS subjectAltNames broken
quanah@zimbra.com wrote:
> Full_Name: Quanah Gibson-Mount
> Version: 2.4.17
> OS: NA
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (75.111.29.239)
>
>
> GnuTLS fails to parse certain subjectAltNames and returns spurious SHORT_BUFFER
> error.
>
> We passed in a buffer size of 1025, and it's internally overwriting it with a
> size of only 31 and then complaining that 31 is too small.
>
The bug was reported against Ubuntu jaunty originally, and still exists in
current GnuTLS git. So it appears to affect at least 2.4.2-present. The fix is
trivial and is attached below. I will also submit this to the GnuTLS bug tracker.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
>From 436824d8b8a908860688354841b4b082d4239157 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@symas.com>
Date: Wed, 12 Aug 2009 15:48:02 -0700
Subject: [PATCH] Fix XMPP parsing
---
lib/x509/x509.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 048ff89..e15531e 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -1011,6 +1011,7 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
return _gnutls_asn2err (result);
}
+ len = *name_size;
result = asn1_read_value (c2, "", name, &len);
*name_size = len;
if (result != ASN1_SUCCESS)
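Review bot: at the added `len = *name_size;` ahead of `asn1_read_value (c2, "", name, &len)`, neither the code nor the subject line "Fix XMPP parsing" records why the reset is needed: `len` is an in/out argument and, without the reset, this call is handed whatever `len` held beforehand rather than the caller's buffer size. A one-line comment above the assignment and a commit body describing the spurious short-buffer result would make that clear to later readers. Because `*name_size = len;` runs before the `result != ASN1_SUCCESS` check, the caller receives the reported length on failure as well, which is worth stating in that comment. It would also be worth checking the other `asn1_read_value` calls in `_gnutls_parse_general_name` for the same reuse of `len`.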
--
1.6.3.rc3
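The failure mode reported in this thread, as an added example that is not part of the original message or of GnuTLS: a length variable used as an in/out argument is reused for a second read without being reloaded from the caller's buffer size. `read_value`, `parse_name`, the return codes and the sample strings are hypothetical and constructed for illustration; only the in/out length contract is modelled on `asn1_read_value`.

```c
#include <stdio.h>
#include <string.h>

enum { OK = 0, SHORT_BUFFER = -1 };

/* Hypothetical reader with an in/out length like asn1_read_value():
 * *len is the buffer capacity on entry and the value length on exit. */
static int read_value(const char *src, char *out, int *len)
{
    int need = (int)strlen(src);
    int cap = *len;
    *len = need;                 /* always report the required size */
    if (need > cap)
        return SHORT_BUFFER;
    memcpy(out, src, (size_t)need);
    return OK;
}

/* Constructed two-step parse: read a short type tag, then the name.
 * reset_len selects whether len is reloaded from the caller's capacity. */
static int parse_name(const char *tag, const char *value,
                      char *name, size_t *name_size, int reset_len)
{
    char type[32];
    int len = (int)sizeof(type) - 1;
    int rc = read_value(tag, type, &len);  /* len is now strlen(tag) */
    if (rc != OK)
        return rc;
    if (reset_len)
        len = (int)*name_size;             /* restore the real capacity */
    rc = read_value(value, name, &len);    /* stale len looks like a tiny buffer */
    *name_size = (size_t)len;
    return rc;
}

int main(void)
{
    char name[1025];                       /* same caller size as in the report */
    size_t n = sizeof(name);
    int rc = parse_name("otherName", "user@xmpp.example.org", name, &n, 0);
    printf("stale len: rc=%d size=%zu\n", rc, n);
    n = sizeof(name);
    rc = parse_name("otherName", "user@xmpp.example.org", name, &n, 1);
    printf("reset len: rc=%d size=%zu\n", rc, n);
    return 0;
}
```

With the stale length the second read fails even though the caller supplied 1025 bytes, because the capacity it sees is the length of the tag read just before it.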