gtlscertificate: Fix bug in PEM private key parser

Make sure to not go outside of PEM data buffer when looking for private
key.

Also adding test case that triggers this bug.
This commit is contained in:
Fredrik Ternerot 2018-12-14 11:46:27 +01:00
parent e8fb8322ce
commit feff178c3f
2 changed files with 12 additions and 3 deletions

View File

@ -258,7 +258,7 @@ parse_private_key (const gchar *data,
} }
} }
end = g_strstr_len (start, data_len - (data - start), footer); end = g_strstr_len (start, data_len - (start - data), footer);
if (!end) if (!end)
{ {
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE, g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,

View File

@ -36,14 +36,16 @@ pem_parser (const Reference *ref)
{ {
GTlsCertificate *cert; GTlsCertificate *cert;
gchar *pem; gchar *pem;
gsize pem_len = 0;
gchar *parsed_cert_pem = NULL; gchar *parsed_cert_pem = NULL;
const gchar *parsed_key_pem = NULL; const gchar *parsed_key_pem = NULL;
GError *error = NULL; GError *error = NULL;
/* Check PEM parsing in certificate, private key order. */ /* Check PEM parsing in certificate, private key order. */
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, NULL, &error); g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error);
g_assert_no_error (error); g_assert_no_error (error);
g_assert (pem); g_assert (pem);
g_assert_cmpuint (pem_len, >=, 10);
cert = g_tls_certificate_new_from_pem (pem, -1, &error); cert = g_tls_certificate_new_from_pem (pem, -1, &error);
g_assert_no_error (error); g_assert_no_error (error);
@ -61,10 +63,17 @@ pem_parser (const Reference *ref)
g_object_unref (cert); g_object_unref (cert);
/* Make sure length is respected and parser detect invalid (truncated) PEM. */ /* Make sure length is respected and parser detect invalid PEM
* when cert is truncated. */
cert = g_tls_certificate_new_from_pem (pem, 10, &error); cert = g_tls_certificate_new_from_pem (pem, 10, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE); g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error); g_clear_error (&error);
/* Make sure length is respected and parser detect invalid PEM
* when cert exists but key is truncated. */
cert = g_tls_certificate_new_from_pem (pem, pem_len - 10, &error);
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
g_clear_error (&error);
g_free (pem); g_free (pem);
/* Check PEM parsing in private key, certificate order */ /* Check PEM parsing in private key, certificate order */