oss-sec mailing list archives

Re: CVE Request: libesmtp does not check NULL bytes in commonName

From: Peter Sylvester <Peter.Sylvester () edelweb fr>
Date: Tue, 16 Mar 2010 14:41:52 +0100


Doesn't that lack a null byte check for subjAltNames?


The patch seems broken to me:
X509_NAME_get_text_by_NID gets the "highest" one, not the leaf value.
In case of two common names, this is wrong.

So instead of
int l = X509_NAME_get_text_by_NID (X509_get_subject_name (cert),
                            NID_commonName, buf, sizeof buf);

one needs something like:

   X509_NAME *name = X509_get_subject_name(cert) ;
    if(name)
      while((j=X509_NAME_get_index_by_NID(name,NID_commonName,i))>=0)
        i=j;

Current thread:

Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- - - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 10)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Geoff Keating (Mar 11)

(Thread continues...)