cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker mailing list Archives

[ curl-Bugs-3000484 ] OpenSSL verifyhost() function makes bad assumptions

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 18 May 2010 21:16:45 +0000

Bugs item #3000484, was opened at 2010-05-12 16:44
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3000484&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: bad behaviour
>Status: Pending
Resolution: Invalid
Priority: 5
Private: No
Submitted By: https://www.google.com/accounts ()
Assigned to: Daniel Stenberg (bagder)
Summary: OpenSSL verifyhost() function makes bad assumptions

Initial Comment:
In the verifyhost() function, we unconditionally do this:
        /* get data and length */
        const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
... even when the target type is GEN_IPADD, in which case the 'ia5' member of the check->d union isn't valid. It's an ASN1_OCTET_STRING instead. You're effectively casting one type of structure to another, and it it starts crashing you get what you deserve.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-05-18 23:16

Message:
Thanks for reporting this issue and helping us improve curl and libcurl.

We're awaiting feedback in this issue. Due to this, I have set the state
of this issue to pending and it will automatically get closed later on
unless we get further info.

Please consider answering the outstanding questions or providing the
missing info so that we can proceed to resolve this issue!

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2010-05-14 21:26

Message:
I'm looking in the OpenSSL headers. Can you please explain to me exactly in
what way the data used for GEN_DNS is not exactly the same as used for
GEN_DNS so that the functions you show don't work? Sorry, but I can't see
the problem you describe.

Can you show a site/example where this is a problem?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3000484&group_id=976
Received on 2010-05-18

These mail archives are generated by hypermail.

donate! Page updated November 12, 2010.
web site info

File upload with ASP.NET