quanah@zimbra.com wrote:
Full_Name: Quanah Gibson-Mount
Version: 2.4.17
OS: NA
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (75.111.29.239)
GnuTLS fails to parse certain subjectAltNames and returns spurious SHORT_BUFFER
error.
We passed in a buffer size of 1025, and it's internally overwriting it with a
size of only 31 and then complaining that 31 is too small.
The bug was reported against Ubuntu jaunty originally, and still exists in
current GnuTLS git. So it appears to affect at least 2.4.2-present. The fix is
trivial and is attached below. I will also submit this to the GnuTLS bug tracker.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
>From 436824d8b8a908860688354841b4b082d4239157 Mon Sep 17 00:00:00 2001
From: Howard Chu <hyc@symas.com>
Date: Wed, 12 Aug 2009 15:48:02 -0700
Subject: [PATCH] Fix XMPP parsing
---
lib/x509/x509.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 048ff89..e15531e 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -1011,6 +1011,7 @@ _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
return _gnutls_asn2err (result);
}
+ len = *name_size;
result = asn1_read_value (c2, "", name, &len);
*name_size = len;
if (result != ASN1_SUCCESS)
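Review bot: The added `len = *name_size;` has no comment, and the commit message is only the subject "Fix XMPP parsing", so nothing in the change records why `len` must be reset before `asn1_read_value (c2, "", name, &len)`. The call passes `&len` and the next line copies `len` back into `*name_size`, so `len` is both the capacity going in and the length coming out; a one-line comment saying so above the assignment, plus a message body naming the symptom (a short-buffer error although the caller's buffer was large enough), would make the fix self-explanatory. Note also that `*name_size = len;` still runs before the `result != ASN1_SUCCESS` check, so the caller's size is overwritten on every failure path; if that is intended only to report the required size, the comment should say so. A regression test with a name longer than the stale value would keep this from returning.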
--
1.6.3.rc3
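The failure described in the report, reproduced with a stand-in reader as an added example (not GnuTLS or libtasn1 code, and not part of the original message). `read_value`, `parse_name`, `TYPE` and `NAME` are hypothetical, and the earlier read that leaves `len` at 31 is an assumption, since the message does not show where that value came from.

```c
#include <stdio.h>
#include <string.h>

#define OK            0
#define SHORT_BUFFER (-1)

/* Hypothetical stand-in for a reader with an in/out length argument:
 * on entry *len is the capacity of buf, on return the bytes required. */
static int read_value(const char *src, char *buf, int *len)
{
    int need = (int)strlen(src) + 1, cap = *len;
    *len = need;
    if (need > cap)
        return SHORT_BUFFER;
    memcpy(buf, src, (size_t)need);
    return OK;
}

/* Constructed sample data: a 30-character type string and a longer name. */
static const char TYPE[] = "constructed-type-identifier-30";
static const char NAME[] = "user@xmpp.example.org/constructed-resource";

/* reset_len == 0 models the code before the patch, 1 the code after it. */
static int parse_name(int reset_len, char *name, size_t *name_size)
{
    char type[64];
    int len = (int)sizeof(type);
    int rc = read_value(TYPE, type, &len);  /* len is now 31, not a capacity */
    if (rc != OK)
        return rc;
    if (reset_len)
        len = (int)*name_size;              /* the line the patch adds */
    rc = read_value(NAME, name, &len);
    *name_size = (size_t)len;
    return rc;
}

int main(void)
{
    char buf[1025];
    size_t n = sizeof(buf);
    int rc = parse_name(0, buf, &n);
    printf("stale len: rc=%d, size reported=%zu\n", rc, n);
    n = sizeof(buf);
    rc = parse_name(1, buf, &n);
    printf("reset len: rc=%d, size reported=%zu, name=%s\n", rc, n, buf);
    return 0;
}
```

With the stale length the caller's 1025-byte buffer is never consulted: the second read sees a capacity of 31 and fails, which matches the symptom in the report.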