mirror of
https://gitlab.gnome.org/GNOME/glib.git
synced 2025-01-11 23:16:14 +01:00
gtlscertificate: Fix bug in PEM private key parser
Make sure to not go outside of PEM data buffer when looking for private key. Also adding test case that triggers this bug.
This commit is contained in:
parent
e8fb8322ce
commit
feff178c3f
@ -258,7 +258,7 @@ parse_private_key (const gchar *data,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
end = g_strstr_len (start, data_len - (data - start), footer);
|
end = g_strstr_len (start, data_len - (start - data), footer);
|
||||||
if (!end)
|
if (!end)
|
||||||
{
|
{
|
||||||
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
|
g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
|
||||||
|
@ -36,14 +36,16 @@ pem_parser (const Reference *ref)
|
|||||||
{
|
{
|
||||||
GTlsCertificate *cert;
|
GTlsCertificate *cert;
|
||||||
gchar *pem;
|
gchar *pem;
|
||||||
|
gsize pem_len = 0;
|
||||||
gchar *parsed_cert_pem = NULL;
|
gchar *parsed_cert_pem = NULL;
|
||||||
const gchar *parsed_key_pem = NULL;
|
const gchar *parsed_key_pem = NULL;
|
||||||
GError *error = NULL;
|
GError *error = NULL;
|
||||||
|
|
||||||
/* Check PEM parsing in certificate, private key order. */
|
/* Check PEM parsing in certificate, private key order. */
|
||||||
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, NULL, &error);
|
g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, &pem_len, &error);
|
||||||
g_assert_no_error (error);
|
g_assert_no_error (error);
|
||||||
g_assert (pem);
|
g_assert (pem);
|
||||||
|
g_assert_cmpuint (pem_len, >=, 10);
|
||||||
|
|
||||||
cert = g_tls_certificate_new_from_pem (pem, -1, &error);
|
cert = g_tls_certificate_new_from_pem (pem, -1, &error);
|
||||||
g_assert_no_error (error);
|
g_assert_no_error (error);
|
||||||
@ -61,10 +63,17 @@ pem_parser (const Reference *ref)
|
|||||||
|
|
||||||
g_object_unref (cert);
|
g_object_unref (cert);
|
||||||
|
|
||||||
/* Make sure length is respected and parser detect invalid (truncated) PEM. */
|
/* Make sure length is respected and parser detect invalid PEM
|
||||||
|
* when cert is truncated. */
|
||||||
cert = g_tls_certificate_new_from_pem (pem, 10, &error);
|
cert = g_tls_certificate_new_from_pem (pem, 10, &error);
|
||||||
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
|
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
|
||||||
g_clear_error (&error);
|
g_clear_error (&error);
|
||||||
|
|
||||||
|
/* Make sure length is respected and parser detect invalid PEM
|
||||||
|
* when cert exists but key is truncated. */
|
||||||
|
cert = g_tls_certificate_new_from_pem (pem, pem_len - 10, &error);
|
||||||
|
g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
|
||||||
|
g_clear_error (&error);
|
||||||
g_free (pem);
|
g_free (pem);
|
||||||
|
|
||||||
/* Check PEM parsing in private key, certificate order */
|
/* Check PEM parsing in private key, certificate order */
|
||||||
|
Loading…
Reference in New Issue
Block a user