ASCII NUL in certificate fields
Maxim Dounin
mdounin at mdounin.ru
Fri Feb 28 08:07:49 UTC 2014
Hello!
On Thu, Feb 27, 2014 at 08:20:18PM -0800, Seth Arnold wrote:
> Hello, I'm curious if nginx has made the same mistake as CVE-2009-2408 in
> the ngx_ssl_get_subject_dn() and ngx_ssl_get_issuer_dn() functions:
>
> Note in the following copy-and-pastes the { /* void */ } for loops. That
> should find the end of an ASCII string but if a certificate has 0x00 bytes
> encoded in the fields, nginx may copy only a small portion of the string.
>
> Am I overlooking something?
Special chars are escaped by X509_NAME_oneline().
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list