Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print by acheevbhagat · Pull Request #9101 · openssl/openssl

acheevbhagat · 2019-06-07T00:07:10Z

Checklist

mspncp · 2019-06-07T06:35:22Z

crypto/x509/v3_alt.c

    case GEN_EMAIL:
-        BIO_printf(out, "email:%s", gen->d.ia5->data);
+        BIO_printf(out, "email:");
+	ASN1_STRING_print(out, gen->d.ia5);


whitespace error: replace tab by four spaces

correction: replace tab bei eight spaces (three locations)

mspncp · 2019-06-07T06:35:25Z

crypto/x509/v3_alt.c

    case GEN_DNS:
-        BIO_printf(out, "DNS:%s", gen->d.ia5->data);
+        BIO_printf(out, "DNS:");
+	ASN1_STRING_print(out, gen->d.ia5);


whitespace error: replace tab by four spaces

mspncp · 2019-06-07T06:35:32Z

crypto/x509/v3_alt.c

    case GEN_URI:
-        BIO_printf(out, "URI:%s", gen->d.ia5->data);
+        BIO_printf(out, "URI:");
+	ASN1_STRING_print(out, gen->d.ia5);


whitespace error: replace tab by four spaces

t8m · 2019-06-07T06:54:09Z

@acheevbhagat To give a hint how to do the fixups - just use git commit --fixup HEAD to commit the fixes to the PR.

mspncp

Actually, I can simply fix the whitespace errors when merging. @levitte is that ok for you?

If yes, I'll do the merge.

t-j-h

Approved with white space fixes to be handled during commit (or not as your choice).

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #9101) (cherry picked from commit bab6046)

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #9101)

mspncp · 2019-06-07T07:12:44Z

Merged. Thank you @acheevbhagat for your contribution!

bab6046 Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print [master]
7febec9 Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print [1.1.1]

t-j-h · 2019-06-07T07:41:46Z

@mspncp I think this should also go into 1.0.2 - it is a security related issue - and it applies there as well.

mspncp · 2019-06-07T08:41:07Z

@mspncp I think this should also go into 1.0.2 - it is a security related issue - and it applies there as well.

Ok, I can do it.

I already verified that commit bab6046 cherry-picks to 1.0.2 without conflicts. But before pushing it, I'd like to wait 24 hours to give other @openssl/omc members the opportunity to express their opinions about whether the change qualifies as security fix or not.

mattcaswell · 2019-06-07T08:59:54Z

Why is this a security fix?

t-j-h · 2019-06-07T09:04:13Z

Any application using the print function to compare names in certificates will match incorrectly if there is an embedded 0x00 in the ia5string. And human looking at the values will see the wrong information.

mattcaswell · 2019-06-07T09:04:51Z

Ok then.

mspncp · 2019-06-07T09:16:40Z

Given two OMC approvals for the cherry-pick, I'll reduce the waiting time to 6 hours, i.e., I'll do it this evening.

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #9101)

mspncp · 2019-06-07T17:57:53Z

And finally, merged to 1.0.2

8479e9e Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print [1.0.2]

Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from openssl#9101) (cherry picked from commit bab6046)

Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print

00aead2

acheevbhagat mentioned this pull request Jun 7, 2019

Replace BIO_printf with ASN1_STRING_print in GENERAL_NAME_print #9020

Closed

levitte approved these changes Jun 7, 2019

View reviewed changes

levitte added branch: 1.1.1 Applies to OpenSSL_1_1_1-stable branch (EOL) branch: master Applies to master branch approval: review pending This pull request needs review by a committer labels Jun 7, 2019

mspncp suggested changes Jun 7, 2019

View reviewed changes

mspncp approved these changes Jun 7, 2019

View reviewed changes

mspncp removed the approval: review pending This pull request needs review by a committer label Jun 7, 2019

t-j-h approved these changes Jun 7, 2019

View reviewed changes

mspncp added the approval: done This pull request has the required number of approvals label Jun 7, 2019

mspncp self-assigned this Jun 7, 2019

mspncp closed this Jun 7, 2019

mspncp mentioned this pull request Jun 7, 2019

GENERAL_NAME_print mishandled embedded nuls in IA5 string values #8997

Closed

mspncp reopened this Jun 7, 2019

mspncp added the branch: 1.0.2 Applies to OpenSSL_1_0_2-stable branch (EOL) label Jun 7, 2019

mspncp closed this Jun 7, 2019

Uh oh!

Conversation

acheevbhagat commented Jun 7, 2019

Checklist

Uh oh!

mspncp Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

mspncp Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

mspncp Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

mspncp Jun 7, 2019

Choose a reason for hiding this comment

Uh oh!

t8m commented Jun 7, 2019

Uh oh!

mspncp left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

t-j-h left a comment

Choose a reason for hiding this comment

Uh oh!

mspncp commented Jun 7, 2019

Uh oh!

t-j-h commented Jun 7, 2019

Uh oh!

mspncp commented Jun 7, 2019

Uh oh!

mattcaswell commented Jun 7, 2019

Uh oh!

t-j-h commented Jun 7, 2019

Uh oh!

mattcaswell commented Jun 7, 2019

Uh oh!

mspncp commented Jun 7, 2019

Uh oh!

mspncp commented Jun 7, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

mspncp left a comment •

edited

Loading