[gnutls-devel] GnuTLS | OCSP: in several cases OID values contain null terminated byte (#805)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Sun Jul 21 09:03:25 CEST 2019
Nikos Mavrogiannopoulos created an issue:
The APIs in `lib/x509/ocsp*.c` rely in several cases on the fact that `_gnutls_x509_read_value` will incorrectly include the null terminated byte into the size for object identifier strings. This is sometimes reflected in exported APIs, and thus a fix in the handling of the original function cannot happen without changing assumptions by user programs. The functions that are affected are:
- `gnutls_ocsp_req_get_extension()`
- `gnutls_ocsp_resp_get_response()`
- `gnutls_ocsp_resp_get_extension()`
I recommend fixing that deficiency in `_gnutls_x509_read_value` (see attached patch) in a minor release update (3.7.0), and documenting the change on the affected functions.
[patch.txt](/uploads/d48d06f9c56595640322e16ec9a7687b/patch.txt)
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/805
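
For callers of the affected functions, an added example (not GnuTLS code and not part of the original issue) of comparing a returned OID in a way that gives the same answer whether or not the reported size counts the terminating NUL. `oid_datum` is a stand-in for `gnutls_datum_t`, the helper names `oid_text_len` and `oid_equals` are hypothetical, and the sample buffer is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for gnutls_datum_t (same two fields) so this builds without GnuTLS. */
typedef struct {
    unsigned char *data;
    unsigned int size;
} oid_datum;

/* Length of the dotted OID text, ignoring one trailing NUL if it was counted
 * in size. Returns -1 for empty input, an embedded NUL, or a non-OID character. */
static int oid_text_len(const oid_datum *d)
{
    unsigned int n, i;
    if (d == NULL || d->data == NULL || d->size == 0)
        return -1;
    n = d->size;
    if (d->data[n - 1] == '\0')
        n--;                        /* size included the terminator */
    for (i = 0; i < n; i++) {
        unsigned char c = d->data[i];
        if (!((c >= '0' && c <= '9') || c == '.'))
            return -1;
    }
    return n ? (int)n : -1;
}

/* Length-checked comparison; never relies on d->data being NUL-terminated. */
static int oid_equals(const oid_datum *d, const char *expected)
{
    int n = oid_text_len(d);
    return n > 0 && (size_t)n == strlen(expected) &&
           memcmp(d->data, expected, (size_t)n) == 0;
}

int main(void)
{
    /* Constructed sample: one OID with the size reported both ways. */
    unsigned char buf[] = "1.3.6.1.5.5.7.48.1.2";
    oid_datum with_nul = { buf, sizeof(buf) };       /* size counts the NUL */
    oid_datum without_nul = { buf, sizeof(buf) - 1 };
    printf("%d %d\n", oid_equals(&with_nul, "1.3.6.1.5.5.7.48.1.2"),
           oid_equals(&without_nul, "1.3.6.1.5.5.7.48.1.2"));
    return 0;
}
```

A comparison such as `size == strlen(oid)` followed by `memcmp` matches only one of the two size conventions, which is the assumption in user programs the issue refers to.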