solutions
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Aug 4 07:23:28 CEST 2009
Simon Josefsson wrote:
>> return 0;
>> }
>
> Hi Nikos -- this code crashed the self-tests, but I fixed that.
>
> However, isn't this the wrong way to address the real problem? It seems
> callers of the function should be fixed to be careful not to assume
> decoded data does not contain NULs?

A null byte there is really malicious (why would a string contain a null
byte?). Maybe using '?' is not the right solution, though. However I
don't think the callers of this function will be safe... even the
description of it says that the string will be null terminated :(

I'd suggest using memcpy for the cases of the gnutls_str_cpy to avoid
having certificates that return a smaller DN value...
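
The truncation discussed in this message, as an added example that is not part of the original e-mail or of the GnuTLS code: a length-delimited decoded value with an embedded NUL is copied in full with memcpy, checked with memchr, and compared by length rather than as a C string. `struct datum`, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length-delimited value as returned by a decoder (hypothetical type, not GnuTLS's). */
struct datum { const unsigned char *data; size_t size; };

/* Constructed sample: 23 decoded bytes with a NUL after "www.example.com". */
static const unsigned char sample_cn[] = "www.example.com\0.a.test";

struct datum sample_datum(void)
{
    struct datum d = { sample_cn, sizeof(sample_cn) - 1 };
    return d;
}

/* 1 if a NUL byte occurs anywhere within the stated length. */
int has_embedded_nul(const struct datum *d)
{
    return memchr(d->data, 0, d->size) != NULL;
}

/* Copy all d->size bytes with memcpy and terminate; -1 if dst is too small. */
long copy_full(char *dst, size_t dst_size, const struct datum *d)
{
    if (d->size >= dst_size)
        return -1;
    memcpy(dst, d->data, d->size);
    dst[d->size] = '\0';
    return (long)d->size;
}

/* Length-aware match: refuse embedded NULs, then compare size and bytes. */
int name_matches(const struct datum *d, const char *expected)
{
    size_t n = strlen(expected);
    if (has_embedded_nul(d))
        return 0;
    return d->size == n && memcmp(d->data, expected, n) == 0;
}

int main(void)
{
    struct datum d = sample_datum();
    char buf[64];
    long n = copy_full(buf, sizeof(buf), &d);
    /* strlen() stops at the NUL, so a C-string caller sees fewer bytes. */
    printf("copied=%ld strlen=%zu nul=%d match=%d\n",
           n, strlen(buf), has_embedded_nul(&d), name_matches(&d, "www.example.com"));
    return 0;
}
```

Even after a full memcpy, any caller that treats the buffer as a C string still sees only the bytes before the NUL, which is why the check is done on the length-delimited value.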