
Bug#781745: marked as done (libwvstreams4.6-extras: Not handling whitespace in x509 extensions)



Your message dated Sat, 03 Feb 2024 23:35:49 +0000
with message-id <E1rWPY5-001bbv-CP@fasolo.debian.org>
and subject line Bug#781745: fixed in wvstreams 4.6.1-17
has caused the Debian Bug report #781745,
regarding libwvstreams4.6-extras: Not handling whitespace in x509 extensions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
781745: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781745
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libwvstreams4.6-extras
Version: 4.6.1-5
Severity: normal

Dear Maintainer,

When using wvx509 and calling the get_ocsp or get_crl_urls methods, the URI lines are not parsed properly if there is leading whitespace.

Example line: "  URI:ldap://ldap01.dimc.dhs.gov/cn=CRL3167,ou=DHS%20CA4,ou=Certification%20Authorities,ou=Department%20of%20Homeland%20Security,o=U.S.%20Government,c=US?certificateRevocationList";

In the parse_stack method there is a check for the prefix: "if (strstr(stack_entry, prefix))"
and then a modification of the line to move the string pointer past that prefix: "WvString uri(stack_entry.edit() + prefix.len());"

This logic doesn't take into account the leading whitespace (which should be trimmed according to the RFC), and returns a bad string.

Actual returned string: "I:ldap://ldap01.dimc.dhs.gov/cn=CRL3167,ou=DHS%20CA4,ou=Certification%20Authorities,ou=Department%20of%20Homeland%20Security,o=U.S.%20Government,c=US?certificateRevocationList";
Expected string: "ldap://ldap01.dimc.dhs.gov/cn=CRL3167,ou=DHS%20CA4,ou=Certification%20Authorities,ou=Department%20of%20Homeland%20Security,o=U.S.%20Government,c=US?certificateRevocationList";

The strings in the parse_stack method should be trimmed of leading and trailing whitespace before the modification. I'm not sure of the best way to do this with the libraries given.

-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libwvstreams4.6-extras depends on:
ii  libc6                 2.13-38+deb7u8
ii  libdbus-1-3           1.6.8-1+deb7u6
ii  libgcc1               1:4.7.2-5
ii  libpam0g              1.1.3-7.1
ii  libssl1.0.0           1.0.1e-2+deb7u16
ii  libstdc++6            4.7.2-5
ii  libwvstreams4.6-base  4.6.1-5
ii  zlib1g                1:1.2.7.dfsg-13

libwvstreams4.6-extras recommends no packages.

libwvstreams4.6-extras suggests no packages.

-- no debconf information

--- End Message ---
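
The parsing fault described in the report above, reduced to standard C++ as an added example (this is not wvstreams code and not the patch shipped in 4.6.1-17). The function names and the sample entries are constructed for illustration; the first function mirrors the quoted strstr-then-skip logic, the second trims and requires the prefix at the start of the entry.

```cpp
#include <cstring>
#include <iostream>
#include <string>

// Logic as quoted in the report: look for the prefix anywhere in the entry,
// then skip prefix-length characters counted from the start of the entry.
static std::string extract_unanchored(const std::string &entry,
                                      const std::string &prefix)
{
    if (!std::strstr(entry.c_str(), prefix.c_str()))
        return "";
    return entry.substr(prefix.size());
}

// Strip leading and trailing whitespace (space, tab, CR, LF).
static std::string trim(const std::string &s)
{
    const char *ws = " \t\r\n";
    const std::string::size_type b = s.find_first_not_of(ws);
    if (b == std::string::npos)
        return "";
    return s.substr(b, s.find_last_not_of(ws) - b + 1);
}

// Trim first, then strip the prefix only if it sits at offset 0.
// An empty result means "no URI in this entry".
static std::string extract_trimmed(const std::string &entry,
                                   const std::string &prefix)
{
    const std::string t = trim(entry);
    if (t.compare(0, prefix.size(), prefix) != 0)
        return "";
    return t.substr(prefix.size());
}

int main()
{
    // Constructed entries modelled on the report's example line.
    const char *samples[] = {
        "  URI:ldap://ldap.example.test/cn=CRL1?certificateRevocationList",
        "URI:http://crl.example.test/ca.crl \n",
        "DNS:URI:host.example.test",  // prefix present, but not at the start
    };
    for (const char *s : samples)
        std::cout << "[" << extract_unanchored(s, "URI:") << "] vs ["
                  << extract_trimmed(s, "URI:") << "]\n";
    return 0;
}
```

The third sample shows a second effect of the unanchored check: an entry that merely contains the prefix is accepted and returned with its first four characters cut off, while the anchored version rejects it.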
--- Begin Message ---
Source: wvstreams
Source-Version: 4.6.1-17
Done: Bastian Germann <bage@debian.org>

We believe that the bug you reported is fixed in the latest version of
wvstreams, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781745@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Germann <bage@debian.org> (supplier of updated wvstreams package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 03 Feb 2024 22:43:16 +0000
Source: wvstreams
Architecture: source
Version: 4.6.1-17
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Bastian Germann <bage@debian.org>
Closes: 781745 1046700
Changes:
 wvstreams (4.6.1-17) unstable; urgency=medium
 .
   * QA upload.
   * Run dh_autreconf. (Closes: #1046700)
   * Trim URI whitespace according to RFC. (Closes: #781745)
   * d/copyright: Convert to machine-readable format.
   * Add public domain statement for ftpparse.


--- End Message ---