GNU bug report logs - #31946
27.0.50; The NSM should warn about more TLS problems

Previous Next

Package: emacs;

Reported by: Lars Ingebrigtsen <larsi <at> gnus.org>

Date: Sat, 23 Jun 2018 10:39:02 UTC

Severity: normal

Tags: fixed, security

Found in version 27.0.50

Fixed in version 27.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #113 received at 31946 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Noam Postavsky <npostavs <at> gmail.com>
Cc: 31946 <at> debbugs.gnu.org
Subject: Re: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Sun, 08 Jul 2018 20:36:58 +0200

And this it the patch.  It'd have to be cleaned up and autoconfiged, of
course, if this turns out to be the way to go.  (And who's
responsibility is it to clean up the data in &issuer anyway?  I can't
use gnutls_free, because the datum itself shouldn't be freed...)

diff --git a/src/gnutls.c b/src/gnutls.c
index dfbbecfc87..69b64ae96d 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1031,6 +1031,16 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
     }
 
   /* Issuer. */
+#if 1
+  {
+    gnutls_datum_t issuer;
+    err = gnutls_x509_crt_get_issuer_dn3 (cert, &issuer, 0);
+    if (err >= GNUTLS_E_SUCCESS)
+      res = nconc2 (res, list2 (intern (":issuer"),
+				make_string ((char *) issuer.data,
+					     issuer.size)));
+  }
+#else
   buf_size = 0;
   err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &buf_size);
   check_memory_full (err);
@@ -1044,6 +1054,7 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
 				  make_string (dn, buf_size)));
       xfree (dn);
     }
+#endif
 
   /* Validity. */
   {
@@ -1062,6 +1073,16 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
   }
 
   /* Subject. */
+#if 1
+  {
+    gnutls_datum_t subject;
+    err = gnutls_x509_crt_get_dn3 (cert, &subject, 0);
+    if (err >= GNUTLS_E_SUCCESS)
+      res = nconc2 (res, list2 (intern (":subject"),
+				make_string ((char *) subject.data,
+					     subject.size)));
+  }
+#else
   buf_size = 0;
   err = gnutls_x509_crt_get_dn (cert, NULL, &buf_size);
   check_memory_full (err);
@@ -1075,6 +1096,7 @@ gnutls_certificate_details (gnutls_x509_crt_t cert)
 				  make_string (dn, buf_size)));
       xfree (dn);
     }
+#endif
 
   /* SubjectPublicKeyInfo. */
   {


-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 5 years and 328 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.