[gnutls-devel] GnuTLS | Read Certificate Transparency (RFC 6962) SCT extension (!1367)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sun Apr 4 11:04:32 CEST 2021




Ander Juaristi commented on a discussion on lib/x509/x509_ext.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367#note_544455288

> +		_gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
> +					   ext->data, ext->size, &scts_content,
> +					   0);
> +	if (retval < 0)
> +		return gnutls_assert_val(retval);
> +
> +	length = _gnutls_read_uint16(scts_content.data);
> +	if (length < 4) {
> +		gnutls_free(scts_content.data);
> +		return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
> +	}
> +
> +	ptr = &scts_content.data[2];
> +	while (length > 0) {
> +		sct_length = _gnutls_read_uint16(ptr);
> +		if (sct_length == 0 || sct_length > length)
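Review bot: `length` is read from `scts_content.data` before anything checks that `scts_content.size` is at least 2, and nothing in the hunk bounds `length + 2` against `scts_content.size`, so a malformed extension whose outer length exceeds the decoded OCTET STRING drives the `while (length > 0)` loop past the buffer; check `scts_content.size >= 2` before the first `_gnutls_read_uint16` and reject `length + 2 > scts_content.size` alongside the existing `length < 4` test. Inside the loop, `sct_length > length` compares against `length` before the SCT's own 2-byte length field has been subtracted, so an SCT whose length equals the remaining `length` passes the check while overrunning by two bytes; compare against `length - 2` after verifying `length >= 2`. `sct_length == 0` is a decode error rather than a terminator, since end of data is determined by the outer length alone, so that branch should return an error (freeing `scts_content.data`) rather than act as an exit condition.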

AFAIK `sct_length == 0` doesn't indicate end of data. You know you've reached EOD when you've read all the bytes that the length field said there are. While you're reading the SCTs, each SCT has its own length field, which is what we're reading here. And all of these should be greater than zero. AFAIK it is an error to have a zero length SCT.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1367#note_544455288
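A worked parser for the SignedCertificateTimestampList layout that the quoted hunk walks, added here as an example and not GnuTLS' code: end of data is "every byte the outer length announced has been consumed", a zero-length SCT is rejected as an error, and each inner length is bounded against what remains after its own 2-byte prefix. The error codes and sample vectors are constructed for this example, and the trailing-bytes check is a strictness choice of the example rather than something the hunk does.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Error codes for this example only (constructed; not GnuTLS' own). */
enum { SCT_E_TRUNCATED = -1, SCT_E_ZERO_LEN = -2, SCT_E_OVERRUN = -3, SCT_E_TRAILING = -4 };

static uint16_t read_u16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk a SignedCertificateTimestampList (RFC 6962 section 3.3, TLS vector encoding):
 * a 2-byte list length, then SCTs each prefixed by its own 2-byte length. Returns the
 * number of SCTs or a negative error. End of data is reached only when every byte the
 * outer length announced has been consumed; a zero-length SCT is an error, not a terminator. */
int parse_sct_list(const uint8_t *data, size_t size)
{
    if (size < 2) return SCT_E_TRUNCATED;
    size_t remaining = read_u16(data);
    if (remaining + 2 > size) return SCT_E_TRUNCATED;   /* outer length overruns the buffer */
    if (remaining + 2 < size) return SCT_E_TRAILING;    /* strict: nothing may follow the list */
    const uint8_t *p = data + 2;
    int count = 0;
    while (remaining > 0) {
        if (remaining < 2) return SCT_E_TRUNCATED;      /* no room for an SCT length field */
        size_t sct_len = read_u16(p);
        remaining -= 2; p += 2;
        if (sct_len == 0) return SCT_E_ZERO_LEN;        /* SerializedSCT is <1..2^16-1> */
        if (sct_len > remaining) return SCT_E_OVERRUN;  /* inner length exceeds outer */
        /* A real implementation would decode p[0..sct_len) as an SCT here. */
        remaining -= sct_len; p += sct_len;
        count++;
    }
    return count;
}

/* Constructed vectors: opaque SCT bodies, not real SCTs. */
static const uint8_t kTwoScts[]   = {0x00,0x09, 0x00,0x03,0xaa,0xbb,0xcc, 0x00,0x02,0xdd,0xee};
static const uint8_t kZeroLen[]   = {0x00,0x02, 0x00,0x00};
static const uint8_t kOverrun[]   = {0x00,0x05, 0x00,0x09,0xaa,0xbb,0xcc};
static const uint8_t kTruncated[] = {0x00,0x09, 0x00,0x03,0xaa};
static const uint8_t kTrailing[]  = {0x00,0x05, 0x00,0x03,0xaa,0xbb,0xcc, 0xff};

int main(void)
{
    const struct { const char *name; const uint8_t *v; size_t n; } cases[] = {
        {"two SCTs", kTwoScts, sizeof kTwoScts}, {"zero-length", kZeroLen, sizeof kZeroLen},
        {"overrun", kOverrun, sizeof kOverrun}, {"truncated", kTruncated, sizeof kTruncated},
        {"trailing", kTrailing, sizeof kTrailing}};
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-12s -> %d\n", cases[i].name, parse_sct_list(cases[i].v, cases[i].n));
    return 0;
}
```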



