[gnutls-dev] Re: GnuTLS 1.2.10 - Security release

Simon Josefsson jas at extundo.com
Sat Feb 11 11:36:16 CET 2006


The patch against GnuTLS 1.2.9 to solve the security problem is below.
Actually, it merely fixes the calls to the internal libtasn1 APIs that
changed with the security fixes for libtasn1.

In the future, GnuTLS will not rely on libtasn1 internal functions.
We will export _asn1_get_tag_der, _asn1_get_octet_der,
_asn1_get_bit_der and _asn1_get_length_der (after removing the leading
'_') because these functions have proved useful outside of the
library.

Note that you'll want to make sure a GnuTLS 1.2.9 built with this
patch really uses the new libtasn1, or it will break.

Regards,
Simon

Index: lib/x509/xml.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/xml.c,v
retrieving revision 1.14
retrieving revision 1.14.10.1
diff -u -p -r1.14 -r1.14.10.1
--- lib/x509/xml.c	26 May 2005 15:27:24 -0000	1.14
+++ lib/x509/xml.c	11 Feb 2006 10:28:55 -0000	1.14.10.1
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation
  *
  * Author: Nikos Mavroyanopoulos
  *
@@ -344,7 +344,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 
 	if (p->type == TYPE_BIT_STRING) {
 	    len2 = -1;
-	    len = _asn1_get_length_der(p->value, &len2);
+	    len = _asn1_get_length_der(p->value, p->value_len, &len2);
 	    snprintf(tmp, sizeof(tmp), " length=\"%i\"",
 		     (len - 1) * 8 - (p->value[len2]));
 	    STR_APPEND(tmp);
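Review bot: The return value of _asn1_get_length_der is not checked in this BIT STRING attribute branch before len goes into (len - 1) * 8 and len2 is used as the index in p->value[len2]. If the decode can fail now that it is bounded by p->value_len, len may be negative and len2 may still hold the -1 it was initialised to, so the index would fall outside the buffer. Suggest testing len (and len2) right after the call and skipping the length attribute on failure.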
@@ -374,7 +374,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 	    case TYPE_INTEGER:
 		if (value) {
 		    len2 = -1;
-		    len = _asn1_get_length_der(value, &len2);
+		    len = _asn1_get_length_der(value, p->value_len, &len2);
 
 		    for (k = 0; k < len; k++) {
 			snprintf(tmp, sizeof(tmp),
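Review bot: In the TYPE_INTEGER case the buffer passed is the local value, but the bound passed is p->value_len, whereas the first call site passes p->value with p->value_len. The bound is only correct if value points at the start of p->value at this point. Please confirm that, or carry the matching length alongside value, so the new argument cannot overstate how many bytes are available.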
@@ -387,7 +387,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 	    case TYPE_ENUMERATED:
 		if (value) {
 		    len2 = -1;
-		    len = _asn1_get_length_der(value, &len2);
+		    len = _asn1_get_length_der(value, p->value_len, &len2);
 
 		    for (k = 0; k < len; k++) {
 			snprintf(tmp, sizeof(tmp),
@@ -412,7 +412,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 	    case TYPE_BIT_STRING:
 		if (value) {
 		    len2 = -1;
-		    len = _asn1_get_length_der(value, &len2);
+		    len = _asn1_get_length_der(value, p->value_len, &len2);
 
 		    for (k = 1; k < len; k++) {
 			snprintf(tmp, sizeof(tmp),
@@ -424,7 +424,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 	    case TYPE_OCTET_STRING:
 		if (value) {
 		    len2 = -1;
-		    len = _asn1_get_length_der(value, &len2);
+		    len = _asn1_get_length_der(value, p->value_len, &len2);
 		    for (k = 0; k < len; k++) {
 			snprintf(tmp, sizeof(tmp),
 				 "%02X", (value)[k + len2]);
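Review bot: The loop in the TYPE_OCTET_STRING case still reads (value)[k + len2] for every k < len, and nothing in the visible lines ties len2 + len to p->value_len. Unless _asn1_get_length_der itself guarantees that the decoded content fits inside the buffer, a length field larger than the remaining data would still drive the read past the end. Suggest an explicit check before the loop, for example rejecting len < 0 or len2 + len > p->value_len; the same applies to the (value)[k + len3] loop in the next hunk.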
@@ -440,7 +440,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 		if (!p->down) {
 		    if (value) {
 			len3 = -1;
-			len2 = _asn1_get_length_der(value, &len3);
+			len2 = _asn1_get_length_der(value, p->value_len, &len3);
 			for (k = 0; k < len2; k++) {
 			    snprintf(tmp, sizeof(tmp),
 				     "%02X", (value)[k + len3]);
@@ -456,10 +456,10 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
 			up->left && up->left->value &&
 			up->type & CONST_DEFINED_BY &&
 			type_field(up->left->type) == TYPE_OBJECT_ID) {
+		      len2 = _asn1_get_length_der(up->value,
+						  up->value_len, &len3);
 
-			len2 = _asn1_get_length_der(up->value, &len3);
-
-			if (len2 > 0 && strcmp(p->name, "type") == 0) {
+		      if (len2 > 0 && strcmp(p->name, "type") == 0) {
 			    size_t tmp_len = sizeof(tmp);
 			    ret =
 				_gnutls_x509_oid_data2string(up->left->
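Review bot: The two changed statements here are re-indented relative to the unchanged lines around them (the call and the if now sit shallower than size_t tmp_len below), which mixes a whitespace change into a security fix. Keeping the original indentation would reduce this hunk to the same argument change as the others and make it easier to audit. Separately, within the visible context len3 is not reset to -1 before this call, unlike the other call sites; worth checking that it cannot carry a stale value if the decode fails.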


