Howard Chu <hyc(a)symas.com> writes:
Simon Josefsson wrote:
> Howard Chu<hyc(a)symas.com> writes:
>> I strongly recommend that GnuTLS not be used. All of its APIs would
>> need to be overhauled to correct its flaws and it's clear that the
>> developers there are too naive and inexperienced to even understand
>> that it's broken.
> I looked at the X.509 API's (x509.h) and I couldn't find any other that
> didn't take buffer length arguments. I didn't look carefully though.
> There is 1 (one) use of 'strcat' in the X.509 code, and it looks correct
> to me. There was 20 uses of 'strlen' in the X.509 code, and I went over
> the first matches but when they looked correct I didn't look further.
> (For reference, the X.509 code size is around 21000 lines of code.)
> If you can give more details, that would be appreciated.
And while we're at it, x509/x509.c uses memmem() which on my system says:
This function is a GNU extension.
This function was broken in Linux libraries up to and
including libc 5.0.9; there the
`needle' and `haystack' arguments were interchanged, and a
pointer to the end of the first
occurrence of needle was returned. Since libc 5.0.9 is still
widely used, this is a dan‐
gerous function to use.
Both old and new libc's have the bug that if needle is
empty haystack-1 (instead of
haystack) is returned. And glibc 2.0 makes it worse, and
returns a pointer to the last
byte of `haystack'. This is fixed in glibc 2.1.
While I would expect that most Linux sites are running something newer
than glibc 2.1 these days, it's still a poor choice to use a
GNU-specific library function in portable code. Not all the world runs
Linux. I've been involved with the FSF since 1988 and I still have to
accept the fact that the GNU way isn't the only way.
GnuTLS is intended to work best on GNU systems, so we use extensions
like memmem. To be compatible, GnuTLS uses gnulib, which contains a
memmem replacement for those systems that doesn't have memmem, or where
it is buggy. See lgl/m4/memmem.m4 for the autoconf test, and
lgl/memmem.c for the replacement code, which is used on all non-GNU
The use of memmem was actually introduced a few years ago (by me) to
clean up the earlier ad-hoc code that used strnstr instead (which,
incidentally wouldn't handle embedded NUL's). Glibc 2.1 was released in
-99, before the GnuTLS project was even started.