Re: Fwd: GNU Libtasn1 2.12 released

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: GNU Libtasn1 2.12 released

From:	Simon Josefsson
Subject:	Re: Fwd: GNU Libtasn1 2.12 released
Date:	Tue, 20 Mar 2012 12:43:10 +0100
User-agent:	Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.0.94 (gnu/linux)

Tomas Hoger <address@hidden> writes:

> Nikos Mavrogiannopoulos writes:
>
>> Note that the bug fixed affects all gnutls versions.
>
> Nikos, should the above be read as "all gnutls versions include
> libtasn1 versions affected by this problem" or "gnutls uses
> asn1_get_length_der incorrectly too"?  Have you managed to
> confirm the issue in gnutls and can possibly comment on known
> possible impacts (e.g. TLS client can trigger this on TLS server
> by providing a crafted client certificate during handshake)?

There is a self-test in GnuTLS about this, see
tests/suite/invalid-cert*.  It contains a crafted cert which triggers
the bug, to cause a crash.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

Fwd: GNU Libtasn1 2.12 released, Nikos Mavrogiannopoulos, 2012/03/19
- Re: Fwd: GNU Libtasn1 2.12 released, Tomas Hoger, 2012/03/20
  - Re: Fwd: GNU Libtasn1 2.12 released, Simon Josefsson <=
  - Re: Fwd: GNU Libtasn1 2.12 released, Nikos Mavrogiannopoulos, 2012/03/20

Prev by Date: Re: Fwd: GNU Libtasn1 2.12 released
Next by Date: Re: Fwd: GNU Libtasn1 2.12 released
Previous by thread: Re: Fwd: GNU Libtasn1 2.12 released
Next by thread: Re: Fwd: GNU Libtasn1 2.12 released
Index(es):
- Date
- Thread