oss-sec mailing list archives

Re: CVE Request: libesmtp does not check NULL bytes in commonName

From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 17 Mar 2010 14:23:22 +0100

Brian Stafford wrote:

Since both the original and patched versions of match_component() 
implement wildcards rather less liberally than RFC 2818 implies, I 
decided to move towards the approach in the I-D.  match_component() now 
accepts either a string or a single wildcard '*'.  Matched characters 
are validated against the set of valid domain name component characters 
, that is, *.example.org will not match %.example.org, nor for that 
matter will the pattern %.example.org.  Question: should underline '_' 
be in the set of valid characters?


AFAIK underlines are not allowed in DNS. I'm sure someone knows the
RFC for that too :-)

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Current thread:

Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- - - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Geoff Keating (Mar 11)
    - Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Steven M. Christey (Mar 30)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Emily Ratliff (Mar 17)