[gnutls-dev] Re: GnuTLS 1.2.10 - Security release
Simon Josefsson
jas at extundo.com
Sat Feb 11 11:36:16 CET 2006
The patch against GnuTLS 1.2.9 to solve the security problem is below.
Actually, it merely fix the calls to the internal libtasn1 APIs that
changed with the security fixes for libtasn1.
In the future, GnuTLS will not rely on libtasn1 internal functions.
We will export _asn1_get_tag_der, _asn1_get_octet_der,
_asn1_get_bit_der and _asn1_get_length_der (after removing the leading
'_') because these functions have proved useful outside of the
library.
Note that you'll want to make sure a GnuTLS 1.2.9 built with this
patch really uses the new libtasn1, or it will break.
Regards,
Simon
Index: lib/x509/xml.c
===================================================================
RCS file: /cvs/gnutls/gnutls/lib/x509/xml.c,v
retrieving revision 1.14
retrieving revision 1.14.10.1
diff -u -p -r1.14 -r1.14.10.1
--- lib/x509/xml.c 26 May 2005 15:27:24 -0000 1.14
+++ lib/x509/xml.c 11 Feb 2006 10:28:55 -0000 1.14.10.1
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002, 2003, 2004, 2005 Free Software Foundation
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006 Free Software Foundation
*
* Author: Nikos Mavroyanopoulos
*
@@ -344,7 +344,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
if (p->type == TYPE_BIT_STRING) {
len2 = -1;
- len = _asn1_get_length_der(p->value, &len2);
+ len = _asn1_get_length_der(p->value, p->value_len, &len2);
snprintf(tmp, sizeof(tmp), " length=\"%i\"",
(len - 1) * 8 - (p->value[len2]));
STR_APPEND(tmp);
@@ -374,7 +374,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
case TYPE_INTEGER:
if (value) {
len2 = -1;
- len = _asn1_get_length_der(value, &len2);
+ len = _asn1_get_length_der(value, p->value_len, &len2);
for (k = 0; k < len; k++) {
snprintf(tmp, sizeof(tmp),
@@ -387,7 +387,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
case TYPE_ENUMERATED:
if (value) {
len2 = -1;
- len = _asn1_get_length_der(value, &len2);
+ len = _asn1_get_length_der(value, p->value_len, &len2);
for (k = 0; k < len; k++) {
snprintf(tmp, sizeof(tmp),
@@ -412,7 +412,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
case TYPE_BIT_STRING:
if (value) {
len2 = -1;
- len = _asn1_get_length_der(value, &len2);
+ len = _asn1_get_length_der(value, p->value_len, &len2);
for (k = 1; k < len; k++) {
snprintf(tmp, sizeof(tmp),
@@ -424,7 +424,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
case TYPE_OCTET_STRING:
if (value) {
len2 = -1;
- len = _asn1_get_length_der(value, &len2);
+ len = _asn1_get_length_der(value, p->value_len, &len2);
for (k = 0; k < len; k++) {
snprintf(tmp, sizeof(tmp),
"%02X", (value)[k + len2]);
@@ -440,7 +440,7 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
if (!p->down) {
if (value) {
len3 = -1;
- len2 = _asn1_get_length_der(value, &len3);
+ len2 = _asn1_get_length_der(value, p->value_len, &len3);
for (k = 0; k < len2; k++) {
snprintf(tmp, sizeof(tmp),
"%02X", (value)[k + len3]);
@@ -456,10 +456,10 @@ _gnutls_asn1_get_structure_xml(ASN1_TYPE
up->left && up->left->value &&
up->type & CONST_DEFINED_BY &&
type_field(up->left->type) == TYPE_OBJECT_ID) {
+ len2 = _asn1_get_length_der(up->value,
+ up->value_len, &len3);
- len2 = _asn1_get_length_der(up->value, &len3);
-
- if (len2 > 0 && strcmp(p->name, "type") == 0) {
+ if (len2 > 0 && strcmp(p->name, "type") == 0) {
size_t tmp_len = sizeof(tmp);
ret =
_gnutls_x509_oid_data2string(up->left->
More information about the Gnutls-dev
mailing list