> On 20 Sep 2023, at 10:58, Daniel Gustafsson wrote:
>> On 20 Sep 2023, at 10:55, Sergey Shinderuk
>> wrote:
>> There is a typo: upon en error. Otherwise, looks good to me. Thank you.
>
> Thanks, will fix before pushing.
I've applied this down to v15 now and the buildfarm have green builds on
> On 20 Sep 2023, at 10:55, Sergey Shinderuk wrote:
>
> On 20.09.2023 11:42, Daniel Gustafsson wrote:
>> Attached is a v2 on top of HEAD with commit message etc, which I propose to
>> backpatch to v15 where it was introduced.
> There is a typo: upon en error. Otherwise, looks good to me. Thank yo
On 20.09.2023 11:42, Daniel Gustafsson wrote:
Attached is a v2 on top of HEAD with commit message etc, which I propose to
backpatch to v15 where it was introduced.
There is a typo: upon en error. Otherwise, looks good to me. Thank you.
--
Sergey Shinderukhttps://postgrespro.com
> On 19 Sep 2023, at 10:06, Sergey Shinderuk wrote:
>
> On 19.09.2023 03:54, Michael Paquier wrote:
>> One doubt that I have is if we shouldn't let X509_NAME_print_ex() be
>> as it is now, and not force a failure on the bio if this calls fails.
>
> If malloc fails inside X509_NAME_print_ex, then
On 19.09.2023 03:54, Michael Paquier wrote:
One doubt that I have is if we shouldn't let X509_NAME_print_ex() be
as it is now, and not force a failure on the bio if this calls fails.
If malloc fails inside X509_NAME_print_ex, then we will be left with
empty port->peer_dn. Here is a gdb sessio
On Mon, Sep 18, 2023 at 02:35:28PM +0200, Daniel Gustafsson wrote:
> Certificates can be regenerated with the buildsystem, which ideally would
> apply
> to this cert as well, but if that's not feasible we can perhaps accept a
> static
> one with build information detailed in the README. Having s
> On 28 Aug 2023, at 19:39, Sergey Shinderuk wrote:
> I'll try to add a client certificate lacking a CN to the SSL test suite.
Certificates can be regenerated with the buildsystem, which ideally would apply
to this cert as well, but if that's not feasible we can perhaps accept a static
one with
On 28.08.2023 18:12, Jacob Champion wrote:
On Thu, Aug 24, 2023 at 6:25 PM Michael Paquier wrote:
LD_PRELOAD is the only thing I can think about, but that's very fancy.
Even with that, having a certificate with a NULL peer_cn could prove
to be useful in the SSL suite to stress more patterns aro
On Thu, Aug 24, 2023 at 6:25 PM Michael Paquier wrote:
> LD_PRELOAD is the only thing I can think about, but that's very fancy.
> Even with that, having a certificate with a NULL peer_cn could prove
> to be useful in the SSL suite to stress more patterns around it?
+1. Last we tried it, OpenSSL d
On Thu, Aug 24, 2023 at 12:13:18PM +0300, Sergey Shinderuk wrote:
> But I need to force malloc to fail at the right time during the test. I
> don't think I can make a stable and portable test from this.
LD_PRELOAD is the only thing I can think about, but that's very fancy.
Even with that, having a
On 24.08.2023 11:38, Daniel Gustafsson wrote:
On 24 Aug 2023, at 10:11, Sergey Shinderuk wrote:
I triggered a crash by generating a certificate without a CN and forcing malloc
to return NULL when called from X509_NAME_print_ex or BIO_get_mem_ptr with gdb.
Can you extend the patch with that
> On 24 Aug 2023, at 10:11, Sergey Shinderuk wrote:
>
> On 23.08.2023 16:23, Daniel Gustafsson wrote:
>>> On 1 Aug 2023, at 16:44, Sergey Shinderuk
>>> wrote:
>>> A static analyzer reported a possible pfree(NULL) in be_tls_open_server().
>> This has the smell of a theoretical problem, I can't r
On 23.08.2023 16:23, Daniel Gustafsson wrote:
On 1 Aug 2023, at 16:44, Sergey Shinderuk wrote:
A static analyzer reported a possible pfree(NULL) in be_tls_open_server().
This has the smell of a theoretical problem, I can't really imagine a
certificate where which would produce this. Have y
> On 23 Aug 2023, at 23:47, Jacob Champion wrote:
>
> On Wed, Aug 23, 2023 at 6:23 AM Daniel Gustafsson wrote:
>> This has the smell of a theoretical problem, I can't really imagine a
>> certificate where which would produce this. Have you been able to trigger
>> it?
>>
>> Wouldn't a better f
On Wed, Aug 23, 2023 at 6:23 AM Daniel Gustafsson wrote:
> This has the smell of a theoretical problem, I can't really imagine a
> certificate where which would produce this. Have you been able to trigger it?
>
> Wouldn't a better fix be to error out on len == -1 as in the attached, maybe
> with
> On 1 Aug 2023, at 16:44, Sergey Shinderuk wrote:
> A static analyzer reported a possible pfree(NULL) in be_tls_open_server().
This has the smell of a theoretical problem, I can't really imagine a
certificate where which would produce this. Have you been able to trigger it?
Wouldn't a better
Hi,
A static analyzer reported a possible pfree(NULL) in
be_tls_open_server(). Here is a fix. Also handle an error from
X509_NAME_print_ex().
AFAICS, the error "SSL certificate's distinguished name contains
embedded null" could not be reached at all, because XN_FLAG_RFC2253
passed to X509_N
17 matches
Mail list logo
