[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: solutions

From: Nikos Mavrogiannopoulos
Subject: Re: solutions
Date: Tue, 04 Aug 2009 08:23:28 +0300
User-agent: Thunderbird (X11/20090608)

Simon Josefsson wrote:

>>    return 0;
>>  }
> Hi Nikos -- this code crashed the self-tests, but I fixed that.
> However, isn't this the wrong way to address the real problem?  It seems
> callers of the function should be fixed to be careful not to assume
> decoded data does not contain NULs?

A null byte there is really malicious (why would a string contain a null
byte?). Maybe using '?' is not the right solution, though. However I
don't think the callers of this function will be safe... even the
description of it says that the string will be null terminated :(
I'd suggest to use memcpy for the cases of the gnutls_str_cpy to avoid
having certificates that return a smaller DN value...

reply via email to

[Prev in Thread] Current Thread [Next in Thread]