[Openswan dev] Re: PATCH: X.509 Off by one bug in crl processing
(aka crl.pem crash bug)
Andreas Steffen
andreas.steffen at strongsec.com
Wed Apr 21 12:34:48 CEST 2004
Yeah, this *is* actually the bug that was introduced by changes in
openswan-2. Ken and I walked through it yesterday. Since CRL_PATH
is not a string constant anymore but a char pointer, sizeof(CRL_PATH)
resolves in fact to 4/8 bytes. So my proposal shown below to switch
to strlen(CRL_PATH) proved to be the correct fix for the CRL crashes
in openswan-2.
The X.509 patches and strongSwan never experienced theses crashes
because CRL_PATH remained a string constant the size of which can
be determined using sizeof() during compile time.
Regards
Andreas
Kurt Garloff wrote:
> On Tue, Apr 20, 2004 at 10:09:19AM +0200, Andreas Steffen wrote:
>
>>In openswan-2 the header file certs.h defines
>>
>> #define CRL_PATH plutopaths.crls.path
>
>
> Is it a pointer char* ?
> Then sizeof will happily report 4 (32bit archs) or 8 (64bit), which is
> most likely not your intention.
>
>
>>I don't know if sizeof(CRL_PATH) will still give the correct result
>>because the content of plutopaths.crls.path is assigned dynamically in log.c
>>during runtime. Probably a safer approach would be
>>
>>- crl_uri.len = 7 + sizeof(CRL_PATH) + strlen(filename);
>>+ crl_uri.len = 8 + strlen(CRL_PATH) + strlen(filename);
>
=======================================================================
Andreas Steffen e-mail: andreas.steffen at strongsec.com
strongSec GmbH home: http://www.strongsec.com
Alter Zürichweg 20 phone: +41 1 730 80 64
CH-8952 Schlieren (Switzerland) fax: +41 1 730 80 65
==========================================[strong internet security]===
More information about the Dev
mailing list