Possible off-by-1 in crypt32/chain.c match_common_names
Juan Lang
juan.lang at gmail.com
Thu Aug 4 08:32:36 CDT 2011
Hi William,
> trace:chain:match_common_name CN = L"*.battle.net\0000"
> warn:chain:match_domain_component domain component L"net" too short for
> L"net\0000"
That CN is coming from the certificate.
> Any thoughts or ideas on whether this is actually a bug and if so, how to
> fix it?
It's partly a bug in the certificate. x.509 states that strings do
not include a terminating NULL. Some providers erroneously include
one anyway. Whether it's a bug in Wine depends on what Microsoft
does. It's not an off-by-one bug, though: the code is working as
intended, for the moment.
As a workaround, one might check all names twice: once without the
terminating NULL (preferred), and once with it. You wouldn't want to
use strlenW on the names in the certificates. Actually doing so
throughout the code will be hard, unfortunately.
--Juan
More information about the wine-devel
mailing list