The BMPString type is a UCS-2 encoded string. UCS-2 is a defunct uint16 code point based string encoding that was subsumed into UTF-16. There were a large number of unused code points in UCS-2 that became surrogate points in UTF-16 (characters which used multiple code points).
In our BMPString "parser", we just decode the string as UTF-16, which is mostly okay, except it accepts surrogate characters, which should be rejected. This can lead to confusing behavior where we parse an invalid BMPString when we should reject it.
BMPString is basically unused in the webpki (it's disallowed by the CABF BRs), and 5280 only allows it for backwards compatibility with old DNs. We should just reject invalid BMPStrings. We could also consider removing BMPString support entirely.
Thanks to Jinfeng Guo for reporting this issue.
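The check the issue asks for, shown next to the lenient UTF-16 decoding it describes. This is an added example, not the Go project's code; the function names, the error value and the sample byte strings are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf16"
)

var errInvalidBMPString = errors.New("invalid BMPString") // hypothetical error value

// codeUnits splits the BMPString contents into big-endian 16-bit code units.
func codeUnits(b []byte) ([]uint16, error) {
	if len(b)%2 != 0 {
		return nil, fmt.Errorf("%w: odd length %d", errInvalidBMPString, len(b))
	}
	units := make([]uint16, 0, len(b)/2)
	for i := 0; i < len(b); i += 2 {
		units = append(units, uint16(b[i])<<8|uint16(b[i+1]))
	}
	return units, nil
}

// decodeLenient decodes the units as UTF-16: surrogate pairs are combined
// and lone surrogates become U+FFFD, so invalid UCS-2 input is accepted.
func decodeLenient(b []byte) (string, error) {
	units, err := codeUnits(b)
	return string(utf16.Decode(units)), err
}

// decodeStrict treats the input as UCS-2: any code unit in the surrogate
// range 0xD800-0xDFFF makes the whole string invalid.
func decodeStrict(b []byte) (string, error) {
	units, err := codeUnits(b)
	if err != nil {
		return "", err
	}
	for _, u := range units {
		if u >= 0xD800 && u <= 0xDFFF {
			return "", fmt.Errorf("%w: surrogate %#04x", errInvalidBMPString, u)
		}
	}
	return string(utf16.Decode(units)), nil // safe: no surrogates remain
}

func main() {
	paired := []byte{0x00, 0x41, 0xD8, 0x3D, 0xDE, 0x00} // constructed: "A" + surrogate pair
	fmt.Println(decodeLenient(paired))
	fmt.Println(decodeStrict(paired))
}
```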
@rolandshoemaker There is also T61String (aka TeletexString), which (I think) no one knows what it really is. See my CL 487755, which didn't get much attention.