Re: solutions
From: Nikos Mavrogiannopoulos
Subject: Re: solutions
Date: Tue, 04 Aug 2009 08:23:28 +0300
User-agent: Thunderbird 2.0.0.22 (X11/20090608)

Simon Josefsson wrote:
>> return 0;
>> }
>
> Hi Nikos -- this code crashed the self-tests, but I fixed that.
>
> However, isn't this the wrong way to address the real problem? It seems
> callers of the function should be fixed to be careful not to assume
> decoded data does not contain NULs?
A null byte there is really malicious (why would a string contain a null
byte?). Maybe using '?' is not the right solution, though. However I
don't think the callers of this function will be safe... even the
description of it says that the string will be null terminated :(
I'd suggest using memcpy for the cases of the gnutls_str_cpy to avoid
having certificates that return a smaller DN value...
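
Added example (not part of the message above and not GnuTLS code): a minimal C illustration of the difference discussed in this thread between a string-style copy, which returns a shorter value when the decoded data contains a NUL, and a memcpy that carries the decoded length. The helper names and the sample value are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an 11-byte decoded DN value with a NUL at offset 4. */
static const unsigned char SAMPLE[] = {'h','e','a','d','\0','h','i','d','d','e','n'};

/* Hypothetical string-style copy: stops at the first NUL in the value.
 * Returns the number of value bytes that reached dst. */
static size_t copy_as_cstring(char *dst, size_t cap,
                              const unsigned char *src, size_t len)
{
    size_t n = 0;
    while (n < len && n + 1 < cap && src[n] != '\0') {
        dst[n] = (char) src[n];
        n++;
    }
    if (cap > 0)
        dst[n] = '\0';
    return n;
}

/* Hypothetical length-carrying copy (memcpy + terminator); 0 if dst too small. */
static size_t copy_with_length(char *dst, size_t cap,
                               const unsigned char *src, size_t len)
{
    if (len + 1 > cap)
        return 0;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* Caller-side check: is there a NUL inside the length-delimited value? */
static int has_embedded_nul(const unsigned char *src, size_t len)
{
    return memchr(src, '\0', len) != NULL;
}

int main(void)
{
    char a[32], b[32];
    size_t na = copy_as_cstring(a, sizeof a, SAMPLE, sizeof SAMPLE);
    size_t nb = copy_with_length(b, sizeof b, SAMPLE, sizeof SAMPLE);
    printf("decoded %zu bytes, embedded NUL: %d\n",
           sizeof SAMPLE, has_embedded_nul(SAMPLE, sizeof SAMPLE));
    printf("string-style copy kept %zu bytes\n", na);
    printf("memcpy kept %zu bytes, strlen() still reports %zu\n", nb, strlen(b));
    return 0;
}
```

Even after the memcpy, strlen() on the result reports only the bytes before the NUL, so a caller that treats the buffer as a C string needs the returned length or the embedded-NUL check.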