oss-sec mailing list archives
Re: CVE Request: libesmtp does not check NULL bytes in commonName
From: Brian Stafford <brian () stafford uklinux net>
Date: Wed, 17 Mar 2010 14:00:43 +0000
Ludwig Nussel wrote:
> Brian Stafford wrote:
>> Since both the original and patched versions of match_component() implement wildcards rather less liberally than RFC 2818 implies, I decided to move towards the approach in the I-D. match_component() now accepts either a string or a single wildcard '*'. Matched characters are validated against the set of valid domain name component characters, that is, *.example.org will not match %.example.org, nor for that matter will the pattern %.example.org. Question: should underline '_' be in the set of valid characters?
>
> AFAIK underlines are not allowed in DNS. I'm sure someone knows the RFC for that too :-)
>
> cu Ludwig

They are permitted in some contexts but not in actual domain names, for example a SRV record question to a name server contains stuff like _smtp._tcp.host.example.org. The host.example.org section is forbidden from using _ but obviously the name server itself supports it so it can handle the _smtp._tcp components. I am assuming that since we're validating domain names and not name server queries, the _ is forbidden, but if anyone out there can clarify it might be useful :-)

Brian
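
The matching rule described in the message above, sketched as an added example; this is not libesmtp's code or part of the original post. The names name_matches, component_matches, valid_char and ALLOW_UNDERSCORE are hypothetical, and the certificate name is passed with an explicit length so that an embedded NUL byte (the subject of this thread) is compared rather than treated as the end of the string.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define ALLOW_UNDERSCORE 0 /* assumption: '_' rejected, as the reply assumes */
/* Letter, digit or hyphen; ASCII ranges spelled out, so locale-independent. */
static int valid_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' ||
           (ALLOW_UNDERSCORE && c == '_');
}

/* One dot-free component: the pattern is a literal string or exactly "*".
   Every hostname character is validated, with or without a wildcard. */
static int component_matches(const char *pat, size_t plen,
                             const char *host, size_t hlen)
{
    int wild = (plen == 1 && pat[0] == '*');
    size_t i;
    if (plen == 0 || hlen == 0 || (!wild && plen != hlen))
        return 0;
    for (i = 0; i < hlen; i++) {
        unsigned char h = (unsigned char)host[i];
        if (!valid_char(h) ||
            (!wild && tolower(h) != tolower((unsigned char)pat[i])))
            return 0;
    }
    return 1;
}

/* Compare a certificate name of explicit length plen (it may contain NUL
   bytes) with a NUL-terminated hostname, one component at a time. */
int name_matches(const char *pat, size_t plen, const char *host)
{
    size_t hlen = strlen(host);
    for (;;) {
        const char *pd = memchr(pat, '.', plen);
        const char *hd = memchr(host, '.', hlen);
        size_t pc = pd ? (size_t)(pd - pat) : plen;
        size_t hc = hd ? (size_t)(hd - host) : hlen;
        if (!component_matches(pat, pc, host, hc))
            return 0;
        if (!pd || !hd)
            return !pd && !hd; /* both names must end together */
        pat += pc + 1;  plen -= pc + 1;
        host += hc + 1; hlen -= hc + 1;
    }
}
```

Setting ALLOW_UNDERSCORE to 1 gives the other answer to the question raised in the message.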