[gnutls-devel] GnuTLS | OCSP: in several cases OID values contain null terminated byte (#805)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Jul 21 09:03:25 CEST 2019

Nikos Mavrogiannopoulos created an issue:

  The APIs in `lib/x509/ocsp*.c` rely on several cases on the fact that `_gnutls_x509_read_value` will incorrectly include the null terminated byte into the size for object identifier strings. This is sometimes reflected to exported APIs and thus a fix in the handling of the original function cannot happen without changing assumptions by user programs. The functions that are affected are:
 - `gnutls_ocsp_req_get_extension()`
 - `gnutls_ocsp_resp_get_response()`
 - `gnutls_ocsp_resp_get_extension()`

I recommend to fix that deficiency in `_gnutls_x509_read_value` (see attached patch) in a minor release update (3.7.0), and document the change on the affected functions.


Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/805
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190721/64e5a797/attachment.html>

More information about the Gnutls-devel mailing list