Patch for off-by-one in _gnutls_x509_parse

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c

From:	Tim Kosse
Subject:	Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c
Date:	Sat, 20 Jun 2009 00:13:03 +0200
User-agent:	Thunderbird 2.0.0.21 (Windows/20090302)

The size of the sizeof_escaped string in _gnutls_x509_parse_dn is one
byte too short.

The length passed to str_escape includes the terminating null, yet the
size calculation for sizeof_escaped does not.

The attached patch corrects this problem.

To reproduce:

Using GnuTLS 2.8.1
Run gnutls-cli www.gmx.de -p 443
It prints the following value for the 2.5.4.17 OID in the subject of
certificate 0:
#1405383038303

It's missing one character at the end, it should have printed:
#14053830383037

Regards,
Tim Kosse

--- lib/x509/dn.c_old   2009-06-20 00:03:57.265625000 +0200
+++ lib/x509/dn.c       2009-06-20 00:03:40.171875000 +0200
@@ -240,7 +240,7 @@
          ldap_desc = oid2ldap_string (oid);
          printable = _gnutls_x509_oid_data_printable (oid);
 
-         sizeof_escaped = 2 * len + 1;
+         sizeof_escaped = 2 * len + 2; /* leading #, hex encoded value and 
terminating NULL */
 
          escaped = gnutls_malloc (sizeof_escaped);
          if (escaped == NULL)

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c, Tim Kosse <=
- Re: Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c, Simon Josefsson, 2009/06/22

Prev by Date: Size of time_t in gnutls4win
Next by Date: Re: Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c
Previous by thread: Size of time_t in gnutls4win
Next by thread: Re: Patch for off-by-one in _gnutls_x509_parse_dn in lib/x509/dn.c
Index(es):
- Date
- Thread