[ssh_x509] X.509 certificates support v7.3 is now available

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sun Sep 30 18:56:57 EEST 2012


Thanks for report.

> Dear Mr. Petrov
> We are security engineers of the Swiss company AdNovurm Informatik AG
> and responsible for our customized OpenSSH called AdnSSH, which also
> features your marvelous Patch for supporting X.509 certificates.
> However, after several years, we have faced a bug in the function
> x509key_writer [1], which uses an insufficient length for the uu-encoded
> destination buffer.
> Thereby, the destination buffer should be at least 33-36% [2] bigger
> than the source buffer because of the base64-encoding process (call of
> uuencode).
> With the goal to overcome this problem, we used a dynamic approach for
> allocating heap memory for uuencode [3].
> Finally, we would appreciate your help in including this fix in your
> next patch and remain with best wishes

Next patch will include updated x509key_write() with dynamic allocation 
of target buffer for uuencode() and signed vs unsigned issue with result 
of uuencode().

> J. Hegglin / R. Hedayat

Roumen Petrov

More information about the ssh_x509 mailing list