Support escaping of commas in x509_string_to_names()
This commit is contained in:
parent
333fdeca3a
commit
8dcb2d7d7e
6 changed files with 98 additions and 4 deletions
|
@ -1,5 +1,9 @@
|
|||
PolarSSL ChangeLog (Sorted per branch, date)
|
||||
|
||||
= 1.3 branch
|
||||
Bugfix
|
||||
* Support escaping of commas in x509_string_to_names()
|
||||
|
||||
= PolarSSL 1.3.8 released 2014-07-11
|
||||
Security
|
||||
* Fix length checking for AEAD ciphersuites (found by Codenomicon).
|
||||
|
|
|
@ -143,6 +143,8 @@
|
|||
#define X509_FORMAT_DER 1
|
||||
#define X509_FORMAT_PEM 2
|
||||
|
||||
#define X509_MAX_DN_NAME_SIZE 256 /**< Maximum value size of a DN entry */
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
|
|
@ -750,7 +750,7 @@ int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
|
|||
unsigned char c;
|
||||
const x509_name *name;
|
||||
const char *short_name = NULL;
|
||||
char s[128], *p;
|
||||
char s[X509_MAX_DN_NAME_SIZE], *p;
|
||||
|
||||
memset( s, 0, sizeof( s ) );
|
||||
|
||||
|
|
|
@ -100,6 +100,8 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
|
|||
const char *end = s + strlen( s );
|
||||
const char *oid = NULL;
|
||||
int in_tag = 1;
|
||||
char data[X509_MAX_DN_NAME_SIZE];
|
||||
char *d = data;
|
||||
|
||||
/* Clear existing chain if present */
|
||||
asn1_free_named_data_list( head );
|
||||
|
@ -116,13 +118,25 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
|
|||
|
||||
s = c + 1;
|
||||
in_tag = 0;
|
||||
d = data;
|
||||
}
|
||||
|
||||
if( !in_tag && ( *c == ',' || c == end ) )
|
||||
if( !in_tag && *c == '\\' && c != end )
|
||||
{
|
||||
c++;
|
||||
|
||||
/* Check for valid escaped characters */
|
||||
if( c == end || *c != ',' )
|
||||
{
|
||||
ret = POLARSSL_ERR_X509_INVALID_NAME;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
else if( !in_tag && ( *c == ',' || c == end ) )
|
||||
{
|
||||
if( asn1_store_named_data( head, oid, strlen( oid ),
|
||||
(unsigned char *) s,
|
||||
c - s ) == NULL )
|
||||
(unsigned char *) data,
|
||||
d - data ) == NULL )
|
||||
{
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
@ -133,6 +147,18 @@ int x509_string_to_names( asn1_named_data **head, const char *name )
|
|||
s = c + 1;
|
||||
in_tag = 1;
|
||||
}
|
||||
|
||||
if( !in_tag && s != c + 1 )
|
||||
{
|
||||
*(d++) = *c;
|
||||
|
||||
if( d - data == X509_MAX_DN_NAME_SIZE )
|
||||
{
|
||||
ret = POLARSSL_ERR_X509_INVALID_NAME;
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
c++;
|
||||
}
|
||||
|
||||
|
|
|
@ -57,3 +57,21 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1
|
|||
Certificate write check Server1 SHA1, version 1
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_DES_C:POLARSSL_CIPHER_MODE_CBC:POLARSSL_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":POLARSSL_MD_SHA1:0:0:X509_CRT_VERSION_1:"data_files/server1.v1.crt"
|
||||
|
||||
X509 String to Names #1
|
||||
x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
||||
|
||||
X509 String to Names #2
|
||||
x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":POLARSSL_ERR_X509_UNKNOWN_OID
|
||||
|
||||
X509 String to Names #3 (Name precisely 255 bytes)
|
||||
x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
|
||||
|
||||
X509 String to Names #4 (Name larger than 255 bytes)
|
||||
x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":POLARSSL_ERR_X509_INVALID_NAME
|
||||
|
||||
X509 String to Names #5 (Escape non-allowed characters)
|
||||
x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":POLARSSL_ERR_X509_INVALID_NAME
|
||||
|
||||
X509 String to Names #6 (Escape at end)
|
||||
x509_string_to_names:"C=NL, O=Offspark\":"":POLARSSL_ERR_X509_INVALID_NAME
|
||||
|
|
|
@ -132,3 +132,47 @@ exit:
|
|||
mpi_free( &serial );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_X509_CREATE_C:POLARSSL_X509_USE_C */
|
||||
void x509_string_to_names( char *name, char *parsed_name, int result )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0;
|
||||
asn1_named_data *names = NULL;
|
||||
x509_name parsed, *parsed_cur, *parsed_prv;
|
||||
unsigned char buf[2048], *c;
|
||||
|
||||
memset( &parsed, 0, sizeof( parsed ) );
|
||||
memset( buf, 0, sizeof( buf ) );
|
||||
c = buf + sizeof( buf );
|
||||
|
||||
ret = x509_string_to_names( &names, name );
|
||||
TEST_ASSERT( ret == result );
|
||||
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
ret = x509_write_names( &c, buf, names );
|
||||
TEST_ASSERT( ret > 0 );
|
||||
|
||||
TEST_ASSERT( asn1_get_tag( &c, buf + sizeof( buf ), &len,
|
||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) == 0 );
|
||||
TEST_ASSERT( x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
|
||||
|
||||
ret = x509_dn_gets( (char *) buf, sizeof( buf ), &parsed );
|
||||
TEST_ASSERT( ret > 0 );
|
||||
|
||||
TEST_ASSERT( strcmp( (char *) buf, parsed_name ) == 0 );
|
||||
|
||||
exit:
|
||||
asn1_free_named_data_list( &names );
|
||||
|
||||
parsed_cur = parsed.next;
|
||||
while( parsed_cur != 0 )
|
||||
{
|
||||
parsed_prv = parsed_cur;
|
||||
parsed_cur = parsed_cur->next;
|
||||
polarssl_free( parsed_prv );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
Loading…
Reference in a new issue