PR#100: Allow leading/trailing data when looking for certificates - certmonger

certmonger

#100 Allow leading/trailing data when looking for certificates

Merged 6 years ago by rcritten. Opened 6 years ago by rcritten.

rcritten/certmonger parse_pem into master

Allow leading/trailing data when looking for certificates

Rob Crittenden • 6 years ago

8e47658

src/pkcs7.c

file modified

+3 -2

		`@@ -976,10 +976,11 @@`
		`* concatenated, always break them up. */`
		`p = s;`
		`while ((p != NULL) && (*p != '\0')) {`
		`- if (strncmp(p, "-----BEGIN", 10) != 0) {`
		`+ p = strstr(p, "-----BEGIN");`
		`+ if (p == NULL) {`
		`break;`
		`}`
		`- q = strstr(p, "----END");`
		`+ q = strstr(p, "-----END");`
		`if (q == NULL) {`
		`break;`
		`}`

rcritten commented 6 years ago

When parsing the list of certificates provided for signing
verification the parser did not allow leading or trailing
data, like headers you might find in openSSL exported PKCS#12
values:

Bag Attributes
2.16.840.1.113730.5.1.1.1: CT,C,C
localKeyID: 00 9B 92 61 B3 05 7F EE 42 9B 6A AF DE 5B 08 ...
friendlyName: CA Signing Certificate
subject=/O=ACME/CN=CA Signing Certificate
issuer=/O=ACME/CN=CA Signing Certificate

https://pagure.io/certmonger/issue/93

rcritten commented 6 years ago

@nalin does this look reasonable to you?

nalin commented 6 years ago

@rcritten Yeah, that looks reasonable - it should still be able to parse multiple certificates that have been strung together. Bonus points for catching my incorrect number of '-' characters when looking for the end of the certificate!

rcritten commented 6 years ago

great, thanks for the review.

Pull-Request has been merged by rcritten

6 years ago