[glib: 1/2] gtlscertificate: Fix bug in PEM private key parser



commit feff178c3f5dadeff47228500a212a9be5688ba2
Author: Fredrik Ternerot <fredrikt axis com>
Date:   Fri Dec 14 11:46:27 2018 +0100

    gtlscertificate: Fix bug in PEM private key parser
    
    Make sure to not go outside of PEM data buffer when looking for private
    key.
    
    Also adding test case that triggers this bug.

 gio/gtlscertificate.c       |  2 +-
 gio/tests/tls-certificate.c | 13 +++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)
---
diff --git a/gio/gtlscertificate.c b/gio/gtlscertificate.c
index 9e497c58b..1ec48f118 100644
--- a/gio/gtlscertificate.c
+++ b/gio/gtlscertificate.c
@@ -258,7 +258,7 @@ parse_private_key (const gchar *data,
        }
     }
 
-  end = g_strstr_len (start, data_len - (data - start), footer);
+  end = g_strstr_len (start, data_len - (start - data), footer);
   if (!end)
     {
       g_set_error_literal (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE,
diff --git a/gio/tests/tls-certificate.c b/gio/tests/tls-certificate.c
index 4cc15d2d7..db2511f59 100644
--- a/gio/tests/tls-certificate.c
+++ b/gio/tests/tls-certificate.c
@@ -36,14 +36,16 @@ pem_parser (const Reference *ref)
 {
   GTlsCertificate *cert;
   gchar *pem;
+  gsize pem_len = 0;
   gchar *parsed_cert_pem = NULL;
   const gchar *parsed_key_pem = NULL;
   GError *error = NULL;
 
   /* Check PEM parsing in certificate, private key order. */
-  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, NULL, 
&error);
+  g_file_get_contents (g_test_get_filename (G_TEST_DIST, "cert-tests", "cert-key.pem", NULL), &pem, 
&pem_len, &error);
   g_assert_no_error (error);
   g_assert (pem);
+  g_assert_cmpuint (pem_len, >=, 10);
 
   cert = g_tls_certificate_new_from_pem (pem, -1, &error);
   g_assert_no_error (error);
@@ -61,10 +63,17 @@ pem_parser (const Reference *ref)
 
   g_object_unref (cert);
 
-  /* Make sure length is respected and parser detect invalid (truncated) PEM. */
+  /* Make sure length is respected and parser detect invalid PEM
+   * when cert is truncated. */
   cert = g_tls_certificate_new_from_pem (pem, 10, &error);
   g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
   g_clear_error (&error);
+
+  /* Make sure length is respected and parser detect invalid PEM
+   * when cert exists but key is truncated. */
+  cert = g_tls_certificate_new_from_pem (pem, pem_len - 10, &error);
+  g_assert_error (error, G_TLS_ERROR, G_TLS_ERROR_BAD_CERTIFICATE);
+  g_clear_error (&error);
   g_free (pem);
 
   /* Check PEM parsing in private key, certificate order */


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]