Merge branch 'fix-tlscertificate-parse-bug' into 'master'

gtlscertificate: Fix bug in PEM private key parser

See merge request GNOME/glib!534

Also see discussion in GNOME/glib!520
This commit is contained in:
Michael Catanzaro 2018-12-14 21:23:04 +00:00
commit c46565d56a
2 changed files with 12 additions and 3 deletions

View File

@ -258,7 +258,7 @@ parse_private_key (const gchar *data,
} }
} }
end = g_strstr_len (start, data_len - (data - start), footer); end = g_strstr_len (start, data_len - (start - data), footer);
if (!end) if (!end)
{ {
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,

View File

@ -36,14 +36,16 @@ pem_parser (const Reference *ref)
{ {
GTlsCertificate *cert; GTlsCertificate *cert;
gchar *pem; gchar *pem;
gsize pem_len = 0;
gchar *parsed_cert_pem = NULL; gchar *parsed_cert_pem = NULL;
const gchar *parsed_key_pem = NULL; const gchar *parsed_key_pem = NULL;
GError *error = NULL; GError *error = NULL;
/* Check PEM parsing in certificate, private key order. */ /* Check PEM parsing in certificate, private key order. */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, NULL, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert (pem);
g_assert_cmpuint (pem_len, >=, 10);
cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error); g_assert_no_error (error);
@ -61,10 +63,17 @@ pem_parser (const Reference *ref)
g_object_unref (cert); g_object_unref (cert);
/* Make sure length is respected and parser detect invalid (truncated) PEM. */ /* Make sure length is respected and parser detect invalid PEM
* when cert is truncated. */
cert = g_tls_certificate_new_from_pem (pem, 10, &error); cert = g_tls_certificate_new_from_pem (pem, 10, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error); g_clear_error (&error);
/* Make sure length is respected and parser detect invalid PEM
* when cert exists but key is truncated. */
cert = g_tls_certificate_new_from_pem (pem, pem_len - 10, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_free (pem); g_free (pem);
/* Check PEM parsing in private key, certificate order */ /* Check PEM parsing in private key, certificate order */