[gnutls-devel] GnuTLS | libgnutls: Add system-wide default-priority-string override. (!1158)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Jan 10 15:02:51 CET 2020

Dimitri John Ledkov commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1158#note_269775801

>  		if (ret < 0)
>  			return 0;
>  	} else if (c_strcasecmp(section, OVERRIDES_SECTION)==0) {
> -		if (c_strcasecmp(name, "insecure-hash")==0) {
> -			p = clear_spaces(value, str);
> +		if (c_strcasecmp(name, "default-priority-string")==0) {
> +			_clear_default_system_priority();
> +			p = clear_spaces(value, str, UINT_MAX);

I'm not intending to allocate any new strings here, just clear the whitespace like it is done for every other key (without allocating any new memory). However other keys are cleared to MAX_ALGO_NAME which is 128 and it was said that's too low for priority-string.

It does feel like we do need to put a limit on default-priority-string, but i don't know what is a sensible one. Microsoft C specifies string literals as 2048.

What should default-priority-string be capped at?

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1158#note_269775801
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200110/b45f9860/attachment.html>

More information about the Gnutls-devel mailing list