summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiago Macieira <thiago.macieira@nokia.com>2010-01-20 20:06:32 (GMT)
committerThiago Macieira <thiago.macieira@nokia.com>2010-01-21 13:14:22 (GMT)
commitc86ab3fcedd3bcfa195d42d45fb732cb8315319d (patch)
treea38b1498211288ef300c7ea04050c440fc960434
parent0a9e29a58bd501af2e52f868386b27b29ebb1a72 (diff)
downloadQt-c86ab3fcedd3bcfa195d42d45fb732cb8315319d.zip
Qt-c86ab3fcedd3bcfa195d42d45fb732cb8315319d.tar.gz
Qt-c86ab3fcedd3bcfa195d42d45fb732cb8315319d.tar.bz2
SSL Certificate: don't crash when the END CERTIFICATE line ends without CRLF
If the file/data ends in the END CERTIFICATE line without a newline, the certificate is still valid. If it's followed by anything other than a newline, then it's no longer valid. Also add another test for the BEGIN CERTIFICATE ending without newline, to ensure we don't crash there either. Reviewed-By: Peter Hartmann
-rw-r--r--src/network/ssl/qsslcertificate.cpp8
-rw-r--r--tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem1
-rw-r--r--tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem1
-rw-r--r--tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem13
-rw-r--r--tests/auto/qsslcertificate/tst_qsslcertificate.cpp3
5 files changed, 22 insertions, 4 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index 8993e72..9a9b1b5 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -696,11 +696,11 @@ QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509)
static bool matchLineFeed(const QByteArray &pem, int *offset)
{
- char ch = pem.at(*offset);
+ char ch;
// ignore extra whitespace at the end of the line
- while (ch == ' ' && *offset < pem.size())
- ch = pem.at(++*offset);
+ while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ')
+ ++*offset;
if (ch == '\n') {
*offset += 1;
@@ -732,7 +732,7 @@ QList<QSslCertificate> QSslCertificatePrivate::certificatesFromPem(const QByteAr
break;
offset = endPos + sizeof(ENDCERTSTRING) - 1;
- if (!matchLineFeed(pem, &offset))
+ if (offset < pem.size() && !matchLineFeed(pem, &offset))
break;
QByteArray decoded = QByteArray::fromBase64(
diff --git a/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem
new file mode 100644
index 0000000..75f3c32
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem
@@ -0,0 +1 @@
+-----BEGIN CERTIFICATE----- \ No newline at end of file
diff --git a/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem
new file mode 100644
index 0000000..a71aecf
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem
@@ -0,0 +1 @@
+-----BEGIN CERTIFICATE-----
diff --git a/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem b/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem
new file mode 100644
index 0000000..f8056c7
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV
+BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD
+VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3
+MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC
+Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT
+1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5
+CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1
+snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY
++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl
+Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0
+3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE=
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
index 44f8522..c76c11f 100644
--- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
@@ -543,6 +543,9 @@ void tst_QSslCertificate::fromPath_data()
QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0;
QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1;
+ QTest::newRow("no-ending-newline") << QString("more-certificates/no-ending-newline.pem") << int(QRegExp::FixedString) << true << 1;
+ QTest::newRow("malformed-just-begin") << QString("more-certificates/malformed-just-begin.pem") << int(QRegExp::FixedString) << true << 0;
+ QTest::newRow("malformed-just-begin-no-newline") << QString("more-certificates/malformed-just-begin-no-newline.pem") << int(QRegExp::FixedString) << true << 0;
}
void tst_QSslCertificate::fromPath()