[gnutls-devel] GnuTLS | gnutls can't check object identifier value correctly (#886)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jan 3 15:07:04 CET 2020

llqll commented:

I'm not sure if this oid is valid. This leaf certificate was generated by the fuzzing tool. its content is
        Subject: 2.1998768. = CN, ST = Guangdong Sheng, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, OU = R&D, CN = www .qq.com
        Subject Public Key Info:
The oid you detected is 2.1998768. . This oid may be invalid, but the problem that `asn1_get_object_id_der` function always checks the second byte instead of the leading byte of object identifier value really exists.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/886#note_266872344
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200103/58ddad76/attachment.html>

More information about the Gnutls-devel mailing list