<HTML><BODY>Hello.<br><br>I found a possible crash of Pluto. Please, check it. <br><br>OCSP response contains a choice.<br><pre class="newpage">ResponderID ::= CHOICE {
byName [1] Name,
byKey [2] KeyHash }</pre><br>Assume, we got byKey choice. Then:<br><br>In pluto/ocsp.c: in function valid_ocsp_response:<br><pre>authcert = get_authcert(res->responder_id_name, res->responder_id_key, X509_OCSP_SIGNER | X509_CA);<br><br>In our case res->responder_id_name will be NULL.<br><br>In pluto/ca.c: in function get_authcert:<br><br> if (keyid.ptr)<br> {<br> chunk_t subjectKeyId;<br> subjectKeyId = x509->get_subjectKeyIdentifier(x509);<br> if (subjectKeyId.ptr && !chunk_equals(keyid, subjectKeyId))<br> {<br> continue;<br> }<br> }<br> /* compare the subjectDistinguishedNames */<br> if (!certificate->has_subject(certificate, subject))<br> {<br> continue;<br> }<br><br>In our case we will call certificate->has_subject(certificate, NULL).<br>Because subject is NULL.<br><br>In libstrongswan/plugins/x509/x509_cert.c: has_subject:</pre><pre><span class="r">We use the subject pointer in the first code line:<br>if</span> (subject->get_type(subject) == ID_KEY_ID)<br><br>And the subject is NULL.<br><br>Am I right? Or maybe I missed something. I haven't found any other place of setting res->responder_id_name, but in parsing function.<br>And if we got byKey choice - res->responder_id_name will remain in NULL. Right?</pre><pre><br>Best regards, Vladimir<br></pre></BODY></HTML>