oss-sec mailing list archives
Re: CVE Request: libesmtp does not check NULL bytes in commonName
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 17 Mar 2010 14:23:22 +0100
Brian Stafford wrote:
Since both the original and patched versions of match_component() implement wildcards rather less liberally than RFC 2818 implies, I decided to move towards the approach in the I-D. match_component() now accepts either a string or a single wildcard '*'. Matched characters are validated against the set of valid domain name component characters , that is, *.example.org will not match %.example.org, nor for that matter will the pattern %.example.org. Question: should underline '_' be in the set of valid characters?
AFAIK underlines are not allowed in DNS. I'm sure someone knows the RFC for that too :-) cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- Re: CVE Request: libesmtp does not check NULL bytes in commonName, (continued)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Peter Sylvester (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 17)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Geoff Keating (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Joe Orton (Mar 11)