solutions
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Aug 4 18:41:51 CEST 2009
Simon Josefsson wrote:
>>>> return 0;
>>>> }
>>> Hi Nikos -- this code crashed the self-tests, but I fixed that.
>>>
>>> However, isn't this the wrong way to address the real problem? It seems
>>> callers of the function should be fixed to be careful not to assume
>>> decoded data does not contain NULs?
>> A null byte there is really malicious (why would a string contain a null
>> byte?).
>
> The standards permit it...
To be precise it is only allowed if a the string is tagged as ia5String.
Other types do not allow null.
More information about the Gnutls-devel
mailing list