oss-sec mailing list archives
Re: CVE Request: libesmtp does not check NULL bytes in commonName
From: ArkanoiD <ark () eltex net>
Date: Wed, 17 Mar 2010 16:26:16 +0300
Formally, they are not. But de facto they are there for a long time. On Wed, Mar 17, 2010 at 02:23:22PM +0100, Ludwig Nussel wrote:
Brian Stafford wrote:Since both the original and patched versions of match_component() implement wildcards rather less liberally than RFC 2818 implies, I decided to move towards the approach in the I-D. match_component() now accepts either a string or a single wildcard '*'. Matched characters are validated against the set of valid domain name component characters , that is, *.example.org will not match %.example.org, nor for that matter will the pattern %.example.org. Question: should underline '_' be in the set of valid characters?AFAIK underlines are not allowed in DNS. I'm sure someone knows the RFC for that too :-)
Current thread:
- Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Geoff Keating (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 11)