diff -up gnutls-1.4.1/lib/minitasn1/decoding.c.decoding gnutls-1.4.1/lib/minitasn1/decoding.c --- gnutls-1.4.1/lib/minitasn1/decoding.c.decoding 2006-05-10 19:13:20.000000000 +0200 +++ gnutls-1.4.1/lib/minitasn1/decoding.c 2009-08-20 17:41:31.000000000 +0200 @@ -227,24 +227,25 @@ _asn1_get_time_der (const unsigned char -void +static int _asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len, char *str, int str_size) { int len_len, len, k; + int leading; char temp[20]; - unsigned long val, val1; + unsigned long val, val1, prev_val; *ret_len = 0; if (str && str_size > 0) str[0] = 0; /* no oid */ if (str == NULL || der_len <= 0) - return; + return ASN1_GENERIC_ERROR; len = asn1_get_length_der (der, der_len, &len_len); if (len < 0 || len > der_len || len_len > der_len) - return; + return ASN1_DER_ERROR; val1 = der[len_len] / 40; val = der[len_len] - val1 * 40; @@ -253,19 +254,38 @@ _asn1_get_objectid_der (const unsigned c _asn1_str_cat (str, str_size, "."); _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp)); + prev_val = 0; val = 0; + leading = 1; for (k = 1; k < len; k++) { + + + /* X.690 mandates that the leading byte must never be 0x80 + */ + if (leading != 0 && der[len_len + k] == 0x80) return ASN1_DER_ERROR; + leading = 0; + + /* check for wrap around */ val = val << 7; val |= der[len_len + k] & 0x7F; + + if (val < prev_val) return ASN1_DER_ERROR; + + prev_val = val; + if (!(der[len_len + k] & 0x80)) { _asn1_str_cat (str, str_size, "."); _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp)); val = 0; + prev_val = 0; + leading = 1; } } *ret_len = len + len_len; + + return ASN1_SUCCESS; } diff -up gnutls-1.4.1/lib/x509/common.c.decoding gnutls-1.4.1/lib/x509/common.c --- gnutls-1.4.1/lib/x509/common.c.decoding 2006-04-04 14:28:44.000000000 +0200 +++ gnutls-1.4.1/lib/x509/common.c 2009-08-20 17:41:31.000000000 +0200 
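Review bot: In lib/minitasn1/decoding.c, `_asn1_get_objectid_der` reads `der[len_len]` (and later `der[len_len + k]`) after a guard that compares `len` and `len_len` with `der_len` separately, so a header-plus-content length that exceeds the buffer, or a zero `len` at the very end of it, is not rejected by the visible check. Unless `asn1_get_length_der` already enforces this (its body is not shown), the guard should be `if (len <= 0 || len_len > der_len || len > der_len - len_len) return ASN1_DER_ERROR;`. The function now returns a status, so each caller has to test it; those call sites are outside this hunk.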
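Review bot: The wrap-around test `if (val < prev_val)` in the sub-identifier loop of `_asn1_get_objectid_der` runs after `val = val << 7`, and a shifted value that has lost its top bits can still be larger than `prev_val`, so some overflows pass undetected. Testing before the shift is exact: `if (val > (ULONG_MAX >> 7)) return ASN1_DER_ERROR;` placed ahead of `val = val << 7;`, which also makes `prev_val` unnecessary. `ULONG_MAX` needs `<limits.h>`, and the hunk does not show whether the file already includes it. The `/* check for wrap around */` comment also sits above the shift rather than above the comparison it describes.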
@@ -239,6 +239,10 @@ _gnutls_x509_oid_data2string (const char { str[len] = 0; + /* Refuse to deal with strings containing NULs. */ + if (strlen (str) != len) + return GNUTLS_E_ASN1_DER_ERROR; + if (res) _gnutls_str_cpy (res, *res_size, str); *res_size = len; @@ -288,22 +292,25 @@ _gnutls_x509_oid_data2string (const char non_printable = 0; } - if (res) + if (non_printable == 0) { - if (non_printable == 0) - { - str[len] = 0; - _gnutls_str_cpy (res, *res_size, str); - *res_size = len; - } - else + str[len] = 0; + + /* Refuse to deal with strings containing NULs. */ + if (strlen (str) != len) + return GNUTLS_E_ASN1_DER_ERROR; + + if (res) + _gnutls_str_cpy (res, *res_size, str); + *res_size = len; + } + else + { + result = _gnutls_x509_data2hex (str, len, res, res_size); + if (result < 0) { - result = _gnutls_x509_data2hex (str, len, res, res_size); - if (result < 0) - { - gnutls_assert (); - return result; - } + gnutls_assert (); + return result; } } diff -up gnutls-1.4.1/lib/x509/dn.c.decoding gnutls-1.4.1/lib/x509/dn.c --- gnutls-1.4.1/lib/x509/dn.c.decoding 2006-04-04 14:28:45.000000000 +0200 +++ gnutls-1.4.1/lib/x509/dn.c 2009-08-20 17:41:31.000000000 +0200 @@ -239,7 +239,8 @@ _gnutls_x509_parse_dn (ASN1_TYPE asn1_st ldap_desc = oid2ldap_string (oid); printable = _gnutls_x509_oid_data_printable (oid); - sizeof_escaped = 2 * len + 1; + /* leading #, hex encoded value and terminating NULL */ + sizeof_escaped = 2 * len + 2; escaped = gnutls_malloc (sizeof_escaped); if (escaped == NULL) diff -up gnutls-1.4.1/lib/x509/rfc2818_hostname.c.decoding gnutls-1.4.1/lib/x509/rfc2818_hostname.c --- gnutls-1.4.1/lib/x509/rfc2818_hostname.c.decoding 2006-03-21 17:11:25.000000000 +0100 +++ gnutls-1.4.1/lib/x509/rfc2818_hostname.c 2009-08-20 17:41:31.000000000 +0200 
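Review bot: In lib/x509/common.c, the new `return GNUTLS_E_ASN1_DER_ERROR;` after the embedded-NUL check in `_gnutls_x509_oid_data2string` exits without `gnutls_assert ();`, unlike the `_gnutls_x509_data2hex` error path in the next hunk. It also returns before whatever cleanup the function performs further down; that part is outside the hunk, so confirm that nothing allocated earlier is skipped. The same early return is repeated in the second hunk of this file. `strlen (str) != len` compares a `size_t` with `len`, whose declaration is not shown; if `len` is signed, writing `(size_t) len` makes the comparison unambiguous.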
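Review bot: The restructured block in the second hunk of lib/x509/common.c calls `_gnutls_x509_data2hex (str, len, res, res_size)` even when `res` is NULL, because the outer `if (res)` guard was removed and only the printable branch re-tests `res`. If callers pass a NULL `res` to query the required size, `_gnutls_x509_data2hex` has to tolerate a NULL output pointer; its body is not visible here, so this needs confirming or the call needs a guard. A short comment such as `/* res may be NULL when the caller only wants the size */` above the branch would record the contract.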
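Review bot: In lib/x509/dn.c the added comment says "terminating NULL", which names the pointer constant; the byte meant here is NUL, e.g. `/* leading '#', two hex digits per input byte, and the terminating NUL */`. The size `2 * len + 2` is also computed with no visible bound on `len`. If `len` comes from certificate data and is a signed int, a range check before the multiplication would rule out overflow, but the declaration and the code that sets `len` are outside the hunk.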
@@ -118,7 +118,8 @@ gnutls_x509_crt_check_hostname (gnutls_x if (ret == GNUTLS_SAN_DNSNAME) { found_dnsname = 1; - if (_gnutls_hostname_compare (dnsname, hostname)) + if (strlen(dnsname) == dnsnamesize && /* ignore dnsname with NUL characters */ + _gnutls_hostname_compare (dnsname, hostname)) { return 1; } @@ -136,10 +137,11 @@ gnutls_x509_crt_check_hostname (gnutls_x { /* got an error, can't find a name */ - return 1; + return 0; } - if (_gnutls_hostname_compare (dnsname, hostname)) + if (strlen(dnsname) == dnsnamesize && /* ignore dnsname with NUL characters */ + _gnutls_hostname_compare (dnsname, hostname)) { return 1; } diff -up gnutls-1.4.1/src/common.c.decoding gnutls-1.4.1/src/common.c --- gnutls-1.4.1/src/common.c.decoding 2006-07-10 23:09:09.000000000 +0200 +++ gnutls-1.4.1/src/common.c 2009-08-20 17:41:08.000000000 +0200 @@ -88,7 +88,7 @@ print_x509_info (gnutls_session session, { gnutls_x509_crt crt; const gnutls_datum *cert_list; - size_t cert_list_size = 0; + unsigned int cert_list_size = 0; int ret; char digest[20]; char serial[40]; @@ -111,7 +111,7 @@ print_x509_info (gnutls_session session, return; } - printf (" - Got a certificate list of %d certificates.\n\n", + printf (" - Got a certificate list of %u certificates.\n\n", cert_list_size); for (j = 0; j < (unsigned int) cert_list_size; j++)
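Review bot: In lib/x509/rfc2818_hostname.c, `strlen(dnsname) == dnsnamesize` relies on `dnsname` being NUL-terminated inside its buffer, which the hunk does not show; `memchr (dnsname, '\0', dnsnamesize) == NULL` makes the same "no embedded NUL" test while staying within the reported length. The identical condition is added for the common-name fallback in the next hunk. Because the check is duplicated with a trailing comment inside the `if`, a small static helper would keep the two call sites in step.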
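Review bot: In the second hunk of lib/x509/rfc2818_hostname.c, the comment `/* got an error, can't find a name */` now sits above `return 0;` but does not say that the function deliberately reports no match when the name cannot be read. Wording such as `/* got an error, can't find a name: report no match */` would make that intent explicit, so a later edit is less likely to restore the permissive return.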
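Review bot: In src/common.c, the cast in `for (j = 0; j < (unsigned int) cert_list_size; j++)` is redundant now that the previous hunk declares `cert_list_size` as `unsigned int`; `j < cert_list_size` reads more plainly. The `%u` specifier matches the new type. The declaration of `j` is outside the hunk, so its type is assumed to be `unsigned int` as well.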