diff options
author | Thiago Macieira <thiago.macieira@nokia.com> | 2010-01-20 20:06:32 (GMT) |
---|---|---|
committer | Thiago Macieira <thiago.macieira@nokia.com> | 2010-01-21 13:14:22 (GMT) |
commit | c86ab3fcedd3bcfa195d42d45fb732cb8315319d (patch) | |
tree | a38b1498211288ef300c7ea04050c440fc960434 | |
parent | 0a9e29a58bd501af2e52f868386b27b29ebb1a72 (diff) | |
download | Qt-c86ab3fcedd3bcfa195d42d45fb732cb8315319d.zip Qt-c86ab3fcedd3bcfa195d42d45fb732cb8315319d.tar.gz Qt-c86ab3fcedd3bcfa195d42d45fb732cb8315319d.tar.bz2 |
SSL Certificate: don't crash when the END CERTIFICATE line ends without CRLF
If the file/data ends in the END CERTIFICATE line without a newline,
the certificate is still valid. If it's followed by anything other
than a newline, then it's no longer valid.
Also add another test for the BEGIN CERTIFICATE ending without
newline, to ensure we don't crash there either.
Reviewed-By: Peter Hartmann
5 files changed, 22 insertions, 4 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 8993e72..9a9b1b5 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -696,11 +696,11 @@ QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509) static bool matchLineFeed(const QByteArray &pem, int *offset) { - char ch = pem.at(*offset); + char ch; // ignore extra whitespace at the end of the line - while (ch == ' ' && *offset < pem.size()) - ch = pem.at(++*offset); + while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ') + ++*offset; if (ch == '\n') { *offset += 1; @@ -732,7 +732,7 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromPem(const QByteAr break; offset = endPos + sizeof(ENDCERTSTRING) - 1; - if (!matchLineFeed(pem, &offset)) + if (offset < pem.size() && !matchLineFeed(pem, &offset)) break; QByteArray decoded = QByteArray::fromBase64( diff --git a/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem new file mode 100644 index 0000000..75f3c32 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem @@ -0,0 +1 @@ +-----BEGIN CERTIFICATE-----
\ No newline at end of file diff --git a/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem new file mode 100644 index 0000000..a71aecf --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem @@ -0,0 +1 @@ +-----BEGIN CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem b/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem new file mode 100644 index 0000000..f8056c7 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp index 44f8522..c76c11f 100644 --- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp @@ -543,6 +543,9 @@ void tst_QSslCertificate::fromPath_data() QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("no-ending-newline") << QString("more-certificates/no-ending-newline.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("malformed-just-begin") << QString("more-certificates/malformed-just-begin.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("malformed-just-begin-no-newline") << QString("more-certificates/malformed-just-begin-no-newline.pem") << int(QRegExp::FixedString) << true << 0; } void tst_QSslCertificate::fromPath() |