Hello.
I found a possible crash of Pluto. Please, check it.
OCSP response contains a choice.
ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }
Assume, we got byKey choice. Then:
In pluto/ocsp.c: in function valid_ocsp_response:
authcert = get_authcert(res->responder_id_name, res->responder_id_key,
X509_OCSP_SIGNER | X509_CA);
In our case res->responder_id_name will be NULL.
In pluto/ca.c: in function get_authcert:
if (keyid.ptr)
{
chunk_t subjectKeyId;
subjectKeyId = x509->get_subjectKeyIdentifier(x509);
if (subjectKeyId.ptr && !chunk_equals(keyid, subjectKeyId))
{
continue;
}
}
/* compare the subjectDistinguishedNames */
if (!certificate->has_subject(certificate, subject))
{
continue;
}
In our case we will call certificate->has_subject(certificate, NULL).
Because subject is NULL.
In libstrongswan/plugins/x509/x509_cert.c: has_subject:
We use the subject pointer in the first code line:
if (subject->get_type(subject) == ID_KEY_ID)
And the subject is NULL.
Am I right? Or maybe I missed something. I haven't found any other place of
setting res->responder_id_name, but in parsing function.
And if we got byKey choice - res->responder_id_name will remain in NULL. Right?
Best regards, Vladimir
_______________________________________________
Dev mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/dev
