Re: Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
From: Nikos Mavrogiannopoulos
Subject: Re: Bug#505279: libgnutls26: segfault in _gnutls_x509_crt_get_raw_dn2
Date: Wed, 12 Nov 2008 15:37:35 +0200
On Wed, Nov 12, 2008 at 12:15 PM, Simon Josefsson <address@hidden> wrote:
>> You mean just removing this code snippet instead of moving it?
>>
>> /* Check if the last certificate in the path is self signed.
>> * In that case ignore it (a certificate is trusted only if it
>> * leads to a trusted party by us, not the server's).
>> */
>> if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
>> certificate_list[clist_size - 1]) > 0
>> && clist_size > 0)
>> {
>> clist_size--;
>> }
>
> Yes.
>
>> Yes, this works. However, I wonder whether this code has any use.
> Getting Nikos' comment on this would be useful. I guess we have two
> choices:
>
> 1) Remove the code. Fixes both crash and vulnerability.
My suggestion is to remove the offending code.
regards,
Nikos