[gnutls-devel] [sr #108610] dane_verify_crt_raw() does not check chain_size
anonymous
INVALID.NOREPLY at gnu.org
Sun Jul 6 21:27:00 CEST 2014
URL:
<http://savannah.gnu.org/support/?108610>
Summary: dane_verify_crt_raw() does not check chain_size
Project: GnuTLS
Submitted by: None
Submitted on: Sun 06 Jul 2014 19:26:59 UTC
Category: Extra library
Priority: 5 - Normal
Severity: 3 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email: bugs.gnutls.simon at arlott.org
Open/Closed: Open
Discussion Lock: Any
Operating System: None
_______________________________________________________
Details:
dane_verify_crt_raw() does not check chain_size before dereferencing chain[0]
in a call to verify_ee().
chain_size could be 0 (it is only checked in dane_verify_session_crt()).
For consistency, dane_verify_crt() and dane_verify_crt_raw() should both
return DANE_E_NO_CERT if chain_size is 0.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?108610>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
More information about the Gnutls-devel
mailing list