solutions
Simon Josefsson
simon at josefsson.org
Fri Aug 7 00:22:10 CEST 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Simon Josefsson wrote:
>> Having had some time to read the code, here are some observations:
>>
>> * The old _gnutls_x509_oid_data2string in lib/x509/common.c is buggy
>> since it truncates the string after a NUL (it copies the string using
>> strcpy instead of memcpy). The RES_SIZE length output variable is
>> correct though, but output data beyond the NUL will be garbage.
>>
>> * I can see a few ways to solve the problem:
>>
>> 1) Make _gnutls_x509_oid_data2string escape NULs as \00 following RFC
>> 2253.
>>
>> 2) Use memcpy instead of strcpy and change the documentation of the
>> function to say that the returned string may contain embedded NULs,
>> and fix the callers of that function.
>>
>> 3) Return a RFC 2253 #-style string for these strings.
>>
>> 4) Return an error when a NUL is encountered.
>
> 4 is just ok. One could do 1 if he really bothers, but there is no
> reason for that. Even though IA5 string allows for null character there
> is no reason for us to allow it. It is the null terminator for C strings
> thus allowing it can cause only problems and complicated code.

I agree. I have applied the patch. It is not sufficient alone: NUL in
SAN is not covered by that code path, but RedHat supplied a fix for the
hostname comparison functions. What remains is to make sure printing a
certificate with NUL in SAN comes out OK.

/Simon
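
The truncation described in the first bullet, next to the option 4 behaviour the thread settles on, as an added example that is not GnuTLS code and not part of either post. The function names, error codes and the sample value are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names and codes for illustration; not GnuTLS identifiers. */
enum { STR_OK = 0, STR_EMBEDDED_NUL = -1, STR_SHORT_BUFFER = -2 };

/* Constructed sample: a 20-byte string value with a NUL at offset 9. */
const unsigned char SAMPLE[] = "a.example\0.b.example";
const size_t SAMPLE_LEN = sizeof(SAMPLE) - 1;

/* Behaviour the thread describes for the old code: the copy stops at the
 * first NUL (strcpy semantics) while the reported size is the full length. */
int copy_truncating(const unsigned char *data, size_t len,
                    char *out, size_t *out_size)
{
    if (*out_size < len + 1)
        return STR_SHORT_BUFFER;
    strncpy(out, (const char *)data, len); /* stops at NUL, zero-pads the rest */
    out[len] = '\0';
    *out_size = len;                       /* now disagrees with strlen(out) */
    return STR_OK;
}

/* Option 4: refuse any value that has a NUL inside its stated length. */
int copy_strict(const unsigned char *data, size_t len,
                char *out, size_t *out_size)
{
    if (memchr(data, '\0', len) != NULL)
        return STR_EMBEDDED_NUL;
    if (*out_size < len + 1)
        return STR_SHORT_BUFFER;
    memcpy(out, data, len);
    out[len] = '\0';
    *out_size = len;
    return STR_OK;
}

int main(void)
{
    char buf[64];
    size_t n = sizeof buf;
    int rc = copy_truncating(SAMPLE, SAMPLE_LEN, buf, &n);
    printf("truncating: rc=%d size=%zu strlen=%zu\n", rc, n, strlen(buf));
    n = sizeof buf;
    printf("strict: rc=%d\n", copy_strict(SAMPLE, SAMPLE_LEN, buf, &n));
    return 0;
}
```

A caller that sees the reported size and `strlen()` disagree is looking at the mismatch the first bullet describes; the strict variant never returns such a string.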