Ok, I added a couple of checks like you suggested. I modified the methods such that they return the length as obtained from ASN1_STRING_length, and this length is used instead of strlen(). Comparison is now done by first comparing if lengths are equal, and then using memcmp() between the two strings. If embedded nulls are present, comparison should fail.
Can you check and see if anything else is missing? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/925657 Title: [precise] freerdp does not check the server's hostname when verifying ssl certificates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/freerdp/+bug/925657/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
