[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: GnuTLS considered harmful



Michael Ströder <michael@stroeder.com> writes:

> Simon,
>
> I know *very* little about C programming but...
>
> Simon Josefsson wrote:
>>
>> I don't think it is unreasonable for a SAN related API to work with
>> zero-terminated strings.  The typical SAN's like dNSName, rfc822Name,
>> and uniformResourceIdentifier are human readable strings.  Most
>> applications will work with the strings in zero-terminated form.
>
> ...having implemented a cert parser in Python I'd like to emphasize
> that the attitude of "Most applications will work" is for me a real
> show-stopper for deploying GnuTLS especially regarding possible
> security issues.
>
> In my project experience I saw so many PKI-enabled software packages
> crashing while handling even perfectly valid certificates (not to
> speak of mal-formed certs issued by some commercial CAs).

Sure, but this particular function takes a zero terminated string, and I
believe that this is the simplest for most applications.  Hostnames and
email addresses are typical things to prompt the user for (using APIs
like 'readline', which is what the certtool command line tool does), and
such strings are typically stored in a zero terminated string in C
applications.

For other SAN's that are binary data, and for applications that use
length-value-pairs for the data, I agree that there should be another
API as well.  There is a ticket for this, and we'll add it as soon as
possible.  I appreciate that this thread has brought up problems that we
can fix.

/Simon