
Report bug mbedtls_x509_string_to_names #675

Closed
qipeng090 opened this issue Nov 3, 2016 · 2 comments

Comments

@qipeng090

qipeng090 commented Nov 3, 2016

This function mbedtls_x509_string_to_names has a bug. Parsing a string like "CN=baidu.com,O=BeiJing Baidu Netcom Science Technology Co., Ltd,OU=service operation department." gives an error, because sometimes ',' doesn't mean the end, as in "O=BeiJing Baidu Netcom Science Technology Co., Ltd,".
If I change the code as follows

int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name )
{
    int ret = 0;
    const char *s = name, *c = s;
    const char *end = s + strlen( s );
    const char *oid = NULL;
    int in_tag = 1;
    char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
    char *d = data;
    int patchyes = 1;   /* 1 if a ',' at c really ends the current value */

    /* Clear existing chain if present */
    mbedtls_asn1_free_named_data_list( head );

    while( c <= end )
    {
        if( in_tag && *c == '=' )
        {
            if( ( oid = x509_at_oid_from_name( s, c - s ) ) == NULL )
            {
                ret = MBEDTLS_ERR_X509_UNKNOWN_OID;
                goto exit;
            }

            s = c + 1;
            in_tag = 0;
            d = data;
        }

        /*
         * Heuristic: a ',' ends the value only if the next '=' comes before
         * the next ','; otherwise (as in "Co., Ltd") it belongs to the value.
         * Only look ahead while c is still inside the string, so strchr()
         * never reads past the terminating NUL.
         */
        if( c < end && strchr( c + 1, ',' ) != NULL )
        {
            const char *next_eq = strchr( c + 1, '=' );
            patchyes = ( next_eq != NULL && next_eq < strchr( c + 1, ',' ) ) ? 1 : 0;
        }
        else
        {
            patchyes = 1;
        }

        if( !in_tag && *c == '\\' && c != end )
        {
            c++;

            /* Check for valid escaped characters */
            if( c == end || *c != ',' )
            {
                ret = MBEDTLS_ERR_X509_INVALID_NAME;
                goto exit;
            }
        }
        else if( !in_tag && ( ( *c == ',' && patchyes ) || c == end ) )
        {
            if( mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
                                       (unsigned char *) data,
                                       d - data ) == NULL )
            {
                return( MBEDTLS_ERR_X509_ALLOC_FAILED );
            }

            /* Skip spaces following the separator */
            while( c < end && *(c + 1) == ' ' )
                c++;

            s = c + 1;
            in_tag = 1;
        }

        if( !in_tag && s != c + 1 )
        {
            *(d++) = *c;

            if( d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE )
            {
                ret = MBEDTLS_ERR_X509_INVALID_NAME;
                goto exit;
            }
        }

        c++;
    }

exit:

    return( ret );
}

it will be OK.

@jcowgill
Contributor

jcowgill commented Nov 3, 2016

This was already discussed in #368.

Since RFC 4514 requires you to escape commas, I don't think your original string is valid.
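As an added illustration (not code from the mbedtls project or from either commenter), the toy parser below applies the same splitting rule as mbedtls_x509_string_to_names: an unescaped ',' ends the attribute and "\," is the only accepted escape. It assumes a small subset of attribute types; the reporter's raw string fails because "Ltd,OU" is taken as an attribute type, while the RFC 4514 form with "Co.\, Ltd" yields three attributes.

```c
#include <string.h>
enum { MAX_RDN = 8, MAX_LEN = 128 };
typedef struct { char type[MAX_LEN]; char value[MAX_LEN]; } rdn_t;
static rdn_t rdn[MAX_RDN];          /* attributes found by the last parse_dn() */
const char *rdn_type(int i)  { return rdn[i].type; }
const char *rdn_value(int i) { return rdn[i].value; }

/* Attribute types this toy accepts: an assumed subset of mbedtls' table. */
static int type_known(const char *t)
{
    static const char *const known[] = { "CN", "C", "O", "OU", "L", "ST", NULL };
    int i;
    for (i = 0; known[i] != NULL; i++)
        if (strcmp(known[i], t) == 0) return 1;
    return 0;
}

/* Split "T=v,T=v" on unescaped ','; "\," is the only escape, as in mbedtls.
 * Returns the attribute count, -1 on a bad escape or overflow, -2 on an
 * unknown attribute type (the library's MBEDTLS_ERR_X509_UNKNOWN_OID case). */
int parse_dn(const char *name)
{
    int n = 0, in_type = 1;
    size_t len = 0;
    const char *c = name, *end = name + strlen(name);
    char *buf = rdn[0].type;
    for (; c <= end; c++) {
        if (in_type && *c == '=') {                 /* type done, value starts */
            buf[len] = '\0';
            if (!type_known(buf)) return -2;
            in_type = 0; buf = rdn[n].value; len = 0;
            continue;
        }
        if (in_type && c == end) return n;          /* trailing text without '=' */
        if (!in_type && *c == '\\') {               /* escape: only "\," is valid */
            c++;
            if (c == end || *c != ',') return -1;
        } else if (!in_type && (*c == ',' || c == end)) {
            buf[len] = '\0';                        /* attribute complete */
            if (c == end) return n + 1;
            if (++n >= MAX_RDN) return -1;
            while (c < end && *(c + 1) == ' ') c++; /* mbedtls skips spaces after ',' */
            in_type = 1; buf = rdn[n].type; len = 0;
            continue;
        }
        if (len + 1 >= MAX_LEN) return -1;          /* field too long */
        buf[len++] = *c;
    }
    return n;
}
```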

@simonbutcher
Contributor

As @jcowgill has pointed out, I don't think this is an issue in the library, so closing.

If you disagree or feel we've misunderstood the issue, please feel free to reply.

yanesca added a commit that referenced this issue Apr 14, 2020
Fix leakage of projective coordinates in ECC