Created attachment 1679840 [details] Code to verify rfc7512 URI serialization result Description of problem: null-bytes are not serialized correctly Version-Release number of selected component (if applicable): 1.22-8 How reproducible: Use libpkc11-helper-1 to serialize PKCS11 IDs containing null bytes Steps to Reproduce: 1. Deserialize old token format "manufacturer/model/serial/token/0A00" 2. Serialize with Fedora version of pkcs11-helper library Actual results: Certificate serialized as "%0A" Expected results: Certificate serialized as "%0A%00" Additional info: pkcs11h-serialization.c:__token_attr_escape needs additional null-byte check. strchr(..., 0) accepts string terminator as valid match.
Created attachment 1679913 [details] trigger null-byte encoding for __token_attr_escape
FEDORA-2020-6ec6f8ed90 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-6ec6f8ed90
FEDORA-2020-9b11b5520f has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-9b11b5520f
FEDORA-2020-bd3a78919a has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-bd3a78919a
FEDORA-2020-9b11b5520f has been pushed to the Fedora 31 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-9b11b5520f` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-9b11b5520f See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-bd3a78919a has been pushed to the Fedora 30 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-bd3a78919a` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-bd3a78919a See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-6ec6f8ed90 has been pushed to the Fedora 32 testing repository. In short time you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-6ec6f8ed90` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6ec6f8ed90 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2020-6ec6f8ed90 has been pushed to the Fedora 32 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-bd3a78919a has been pushed to the Fedora 30 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2020-9b11b5520f has been pushed to the Fedora 31 stable repository. If problem still persists, please make note of it in this bug report.