Bugs item #3000484, was opened at 2010-05-12 16:44
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3000484&group_id=976

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: SSL/TLS
Group: bad behaviour
Status: Open
>Resolution: Invalid
Priority: 5
Private: No
Submitted By: https://www.google.com/accounts ()
Assigned to: Daniel Stenberg (bagder)
Summary: OpenSSL verifyhost() function makes bad assumptions

Initial Comment:
In the verifyhost() function, we unconditionally do this:
        /* get data and length */
        const char *altptr = (char *)ASN1_STRING_data(check->d.ia5);
        size_t altlen = (size_t) ASN1_STRING_length(check->d.ia5);
... even when the target type is GEN_IPADD, in which case the 'ia5' member of the check->d union isn't valid. It's an ASN1_OCTET_STRING instead. You're effectively casting one type of structure to another, and it it starts crashing you get what you deserve.

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2010-05-14 21:26

Message:
I'm looking in the OpenSSL headers. Can you please explain to me exactly in
what way the data used for GEN_DNS is not exactly the same as used for
GEN_DNS so that the functions you show don't work? Sorry, but I can't see
the problem you describe.

Can you show a site/example where this is a problem?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=3000484&group_id=976
Received on 2010-05-14