From 9ceb2f15c20ad49179b44997ed188db0e0879c98 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone
Date: Fri, 23 Aug 2013 15:23:21 -0400
Subject: again
---
 OpenSSL/crypto/x509ext.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/OpenSSL/crypto/x509ext.c b/OpenSSL/crypto/x509ext.c
index caa78b0..e075ae7 100644
--- a/OpenSSL/crypto/x509ext.c
+++ b/OpenSSL/crypto/x509ext.c
@@ -237,8 +237,10 @@ crypto_X509Extension_dealloc(crypto_X509ExtensionObj *self)
 }
-/* Special handling of subjectAltName, see CVE-2013-4073 */
-
+/* Special handling of subjectAltName. OpenSSL's builtin formatter,
+ * X509V3_EXT_print, mishandles NUL bytes allowing a truncated display that
+ * does not accurately reflect what's in the extension.
+ */
 int
 crypto_X509Extension_str_san(crypto_X509ExtensionObj *self, BIO *bio)
 {
-- 
cgit v1.2.1
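Review bot: The rewritten comment above crypto_X509Extension_str_san explains what is wrong with X509V3_EXT_print but not what this function guarantees instead, and it drops the only advisory reference without replacing it. Consider closing the comment with a line such as `* This formatter writes out each name in full so an embedded NUL cannot hide the rest.`, with the wording confirmed against the function body, which lies outside the hunk. If the removed CVE id was dropped because it was the wrong one, put the project's own reference in its place, e.g. `* See <ADVISORY-ID>.`, so the reason for the special case stays traceable. It would also help to say in one clause why truncation matters: presumably a name cut at the NUL can read as a different host to anything that consumes the string form.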