[gnutls-devel] OCSP certificate check
nmav at gnutls.org
Mon Sep 19 11:36:33 CEST 2016
On Fri, Sep 2, 2016 at 6:31 PM, Stefan Bühler <stbuehler at lighttpd.net> wrote:
> Some days ago I discovered that the OCSP certificate check doesn't
> actually verify the serial length and might succeed when it shouldn't:
> `rserial.size != cserial.size` is never true, as `cserial.size`
> was initialized with `rserial.size`, and none of them gets
> changed; `t` is actually changed by `gnutls_x509_crt_get_serial`
> and should get checked; otherwise it might compare whatever bytes
> `gnutls_malloc` left at the end.
> Any other interpretations? Should this get a CVE?
It has been assigned CVE-2016-7444.
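
The check described in the report above, as an added C model (not GnuTLS source and not part of either message). `get_serial`, `check_serial`, the `stale` fill byte and the sample serials are hypothetical and constructed; the checked variant is one way to apply the report's point that `t` should be checked.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a getter with an in/out length:
 * *len is the buffer capacity on entry and the bytes written on return. */
static int get_serial(const unsigned char *src, size_t src_len,
                      unsigned char *out, size_t *len)
{
    if (*len < src_len)
        return -1;                  /* buffer too small */
    memcpy(out, src, src_len);
    *len = src_len;                 /* the real serial length */
    return 0;
}

/* Returns 0 on match, -1 on mismatch or error. `stale` models whatever the
 * allocator left in the buffer (constructed so the run is deterministic). */
static int check_serial(const unsigned char *rserial, size_t rsize,
                        const unsigned char *cert, size_t cert_len,
                        unsigned char stale, int use_returned_len)
{
    size_t csize = rsize, t = rsize;    /* capacity copied from rserial */
    unsigned char *cdata;
    int ret = -1;

    if (rsize == 0 || (cdata = malloc(rsize)) == NULL)
        return -1;
    memset(cdata, stale, rsize);        /* simulate leftover heap bytes */
    if (get_serial(cert, cert_len, cdata, &t) == 0) {
        if (use_returned_len)
            csize = t;                  /* checked variant: adopt real length */
        /* Flawed variant: csize still equals rsize, so the length test is
         * dead and memcmp covers bytes the getter never wrote. */
        if (rsize == csize && memcmp(cdata, rserial, rsize) == 0)
            ret = 0;
    }
    free(cdata);
    return ret;
}

int main(void)
{
    /* Constructed sample: certificate serial is a prefix of the response serial. */
    const unsigned char resp[] = {0x01, 0x02, 0x00, 0x00};
    const unsigned char cert[] = {0x01, 0x02};
    printf("flawed=%d checked=%d\n", check_serial(resp, 4, cert, 2, 0x00, 0),
           check_serial(resp, 4, cert, 2, 0x00, 1));
    return 0;
}
```

With the constructed stale byte `0x00` the flawed variant reports a match for two serials of different length; with any other stale byte it does not, which is the nondeterminism the report points at.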