ASCII NUL in certificate fields

Maxim Dounin mdounin at
Fri Feb 28 08:07:49 UTC 2014


On Thu, Feb 27, 2014 at 08:20:18PM -0800, Seth Arnold wrote:

> Hello, I'm curious if nginx has made the same mistake as CVE-2009-2408 in
> the ngx_ssl_get_subject_dn() and ngx_ssl_get_issuer_dn() functions:
> Note in the following copy-and-pastes the { /* void */ } for loops. That
> should find the end of an ASCII string but if a certificate has 0x00 bytes
> encoded in the fields, nginx may copy only a small portion of the string.
> Am I overlooking something?

Special chars are escaped by X509_NAME_oneline().

Maxim Dounin
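
Added example, not part of the original message and not nginx or OpenSSL code: a self-contained C illustration of the concern raised in the question and of why escaping removes it. SAMPLE_CN is a constructed value, and scan_len() and escape_field() are hypothetical helpers; escape_field() is a simplified model of writing non-printable bytes as \xXX, not the X509_NAME_oneline() implementation.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: a 27-byte CN value with an embedded 0x00 byte. */
static const unsigned char SAMPLE_CN[] = "www.example.com\0.other.test";
#define SAMPLE_CN_LEN (sizeof(SAMPLE_CN) - 1)

/* Length scan in the style of the empty-body for loops the question
 * quotes: it stops at the first 0x00 byte. */
static size_t scan_len(const char *p)
{
    size_t len;
    for (len = 0; p[len]; len++) { /* void */ }
    return len;
}

/* Simplified model (an assumption, not OpenSSL source) of the escaping
 * the reply refers to: bytes outside ' '..'~' are written as \xXX.
 * Returns the escaped length, or -1 if out is too small. */
static int escape_field(const unsigned char *in, size_t in_len,
                        char *out, size_t out_cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t i, o = 0;
    for (i = 0; i < in_len; i++) {
        size_t need = (in[i] < ' ' || in[i] > '~') ? 4 : 1;
        if (o + need >= out_cap) return -1;  /* keep room for the NUL */
        if (need == 4) {
            out[o++] = '\\';
            out[o++] = 'x';
            out[o++] = hex[in[i] >> 4];
            out[o++] = hex[in[i] & 0x0f];
        } else {
            out[o++] = (char)in[i];
        }
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    char buf[128];
    int n = escape_field(SAMPLE_CN, SAMPLE_CN_LEN, buf, sizeof(buf));
    printf("raw scan sees %zu of %zu bytes\n",
           scan_len((const char *)SAMPLE_CN), (size_t)SAMPLE_CN_LEN);
    printf("escaped: %s (%d bytes, scan sees %zu)\n", buf, n, scan_len(buf));
    return 0;
}
```

In this model a literal backslash in the input is not escaped, so the escaped form is suitable for display and logging rather than for parsing back into the original bytes.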

More information about the nginx-devel mailing list