Bug#1071480: libldap: sends some IPv6 addresses as server name
Elliott Mitchell
ehem+debian at m5p.com
Tue May 21 05:50:15 BST 2024
On Mon, May 20, 2024 at 04:25:57PM -0700, Quanah Gibson-Mount wrote:
>
> --On Monday, May 20, 2024 3:45 PM -0700 Elliott Mitchell
> <ehem+debian at m5p.com> wrote:
>
> Side note - I did raise this issue with the rest of the OpenLDAP project,
> and Howard noted:
>
> "DNS names are required to begin with a letter. RFC 1035, sec 2.3.1. The
> fact that gnutls allows names that are all numeric is certainly their bug".
>
> So I guess two bugs here.
According to what I found, that requirement was removed. This doesn't
invalidate the fact that no top-level domain consists exclusively of
numbers (in fact I'm pretty sure none have any numbers).
I'm proposing checking only for nul-characters and passing everything
else through. Principle being anything handling SNI must handle the
case of a string which fails to match a known entry. If a server program
chose to honor strings which violate RFC 6066, GnuTLS doesn't need to get
in the way of that. Simply terminating the connection really isn't too
helpful (it could simply be a bug).
--
(\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/)
\BS ( | ehem+sigmsg at m5p.com PGP 87145445 | ) /
\_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
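The policy proposed above (abort only on a NUL byte, pass everything else through and let the server's own SNI lookup decide) can be written down as a small server-side classifier. The code below is an added example and is not code from libldap, GnuTLS or OpenLDAP; the certificate table and the sample names are constructed for illustration. It labels an IP literal separately because RFC 6066 section 3 does not permit literal IPv4 or IPv6 addresses in the SNI HostName, and its label syntax follows the relaxed RFC 1123 rule that allows a label to begin with a digit, which is the relaxation referred to in the reply above.

```python
import ipaddress
import re
from typing import Optional

# One DNS label under the relaxed RFC 1123 rule: letters, digits and hyphens,
# 1..63 octets, and it may not start or end with a hyphen (a leading digit is allowed).
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def classify_sni(server_name: bytes) -> str:
    """Classify a raw SNI HostName value taken from a ClientHello.

    Returns one of:
      'reject-nul'  - contains a NUL byte; the one case the proposal rejects outright
      'ip-literal'  - an IPv4/IPv6 address (not permitted as HostName by RFC 6066)
      'hostname'    - syntactically a DNS name with a non-numeric top-level label
      'other'       - anything else (passed through to the lookup, never fatal)
    """
    if b"\x00" in server_name:
        return "reject-nul"
    try:
        text = server_name.decode("ascii")
    except UnicodeDecodeError:
        return "other"

    # Accept both "2001:db8::1" and the bracketed "[2001:db8::1]" spelling (assumption:
    # some clients wrap IPv6 literals in brackets as URLs do).
    candidate = text[1:-1] if text.startswith("[") and text.endswith("]") else text
    try:
        ipaddress.ip_address(candidate)
        return "ip-literal"
    except ValueError:
        pass

    labels = text.rstrip(".").split(".")
    if all(_LABEL_RE.match(label) for label in labels) and not labels[-1].isdigit():
        return "hostname"
    return "other"


# Constructed certificate table: SNI name -> identifier of the certificate to present.
CERTS = {
    "ldap.example.test": "cert-ldap",
    "mail.example.test": "cert-mail",
}
DEFAULT_CERT = "cert-default"


def select_certificate(server_name: bytes) -> Optional[str]:
    """Lenient server-side SNI handling in the spirit of the proposal above.

    Only a NUL byte aborts the handshake (returns None). Every other value, including
    IP literals and names that match no configured entry, falls back to the default
    certificate instead of terminating the connection.
    """
    if classify_sni(server_name) == "reject-nul":
        return None
    key = server_name.decode("ascii", "replace").lower().rstrip(".")
    return CERTS.get(key, DEFAULT_CERT)


if __name__ == "__main__":
    # Constructed sample values, including the IPv6-literal case from the bug title.
    for name in (b"ldap.example.test", b"2001:db8::1", b"192.0.2.10",
                 b"3com.example.test", b"123.456", b"host\x00name"):
        print(name, classify_sni(name), select_certificate(name))
```

The split between `classify_sni` and `select_certificate` is deliberate: the classifier records why a value is unusual (useful for logging which clients send IP literals), while the selection step stays permissive so that a client bug such as the one reported here degrades to the default certificate rather than a failed handshake.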