oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: libesmtp does not check NULL bytes in commonName

From: ArkanoiD <ark () eltex net>
Date: Wed, 17 Mar 2010 16:26:16 +0300
Formally, they are not. But de facto they are there for a long time.

On Wed, Mar 17, 2010 at 02:23:22PM +0100, Ludwig Nussel wrote:

Brian Stafford wrote:

Since both the original and patched versions of match_component() 
implement wildcards rather less liberally than RFC 2818 implies, I 
decided to move towards the approach in the I-D.  match_component() now 
accepts either a string or a single wildcard '*'.  Matched characters 
are validated against the set of valid domain name component characters 
, that is, *.example.org will not match %.example.org, nor for that 
matter will the pattern %.example.org.  Question: should underline '_' 
be in the set of valid characters?


AFAIK underlines are not allowed in DNS. I'm sure someone knows the
RFC for that too :-)
Previous By Date Next
Previous By Thread Next

Current thread: