oss-sec mailing list archives
Re: CVE Request: libesmtp does not check NULL bytes in commonName
From: Brian Stafford <brian () stafford uklinux net>
Date: Tue, 16 Mar 2010 18:17:23 +0000
Ludwig Nussel wrote:
You're right. I'll look over your patch again. One small issue I have is that declarations are interspersed with code which is not standard pre-C99, although if speed is of the essence this can be ignored as I will get an official libESMTP release out soon.Brian Stafford wrote:Ludwig Nussel wrote:Brian Stafford wrote:I think the best approach is to apply Pawel's patch as this is theI must have missed that patch. Could you re-post it?It's available at https://bugzilla.redhat.com/attachment.cgi?id=399131Doesn't that lack a null byte check for subjAltNames? cu Ludwig
Regards Brian
Current thread:
- Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Geoff Keating (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 11)