summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThiago Macieira <thiago.macieira@nokia.com>2009-08-24 09:33:34 (GMT)
committerThiago Macieira <thiago.macieira@nokia.com>2009-08-28 09:07:37 (GMT)
commit802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 (patch)
treee69c095056836dccbbf8138934614da542a8a003
parenta3ddaf7eeead265d4a22bf9ae6508509d175cfd2 (diff)
downloadQt-802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6.zip
Qt-802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6.tar.gz
Qt-802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6.tar.bz2
Fix parsing of Subject Alternate Names in Qt.
Simple misuse of QLatin1String. Use QString::fromLatin1 instead and avoid the QByteArray temporary. Reviewed-by: Andreas Aardal Hanssen Tracking: CVE-2009-2700
-rw-r--r--src/network/ssl/qsslcertificate.cpp2
-rw-r--r--tests/auto/qsslcertificate/more-certificates/badguy-nul-san.crt83
-rw-r--r--tests/auto/qsslcertificate/tst_qsslcertificate.cpp21
3 files changed, 105 insertions, 1 deletions
diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp
index d62c911..b5df35c 100644
--- a/src/network/ssl/qsslcertificate.cpp
+++ b/src/network/ssl/qsslcertificate.cpp
@@ -377,7 +377,7 @@ QMultiMap<QSsl::AlternateNameEntryType, QString> QSslCertificate::alternateSubje
}
const char *altNameStr = reinterpret_cast<const char *>(q_ASN1_STRING_data(genName->d.ia5));
- const QString altName = QLatin1String(QByteArray(altNameStr, len));
+ const QString altName = QString::fromLatin1(altNameStr, len);
if (genName->type == GEN_DNS)
result.insert(QSsl::DnsEntry, altName);
else if (genName->type == GEN_EMAIL)
diff --git a/tests/auto/qsslcertificate/more-certificates/badguy-nul-san.crt b/tests/auto/qsslcertificate/more-certificates/badguy-nul-san.crt
new file mode 100644
index 0000000..d897c39
--- /dev/null
+++ b/tests/auto/qsslcertificate/more-certificates/badguy-nul-san.crt
@@ -0,0 +1,83 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=GB, ST=Berkshire, L=Newbury, O=My Company Ltd, OU=CA, CN=NULL-friendly CA
+ Validity
+ Not Before: Aug 4 06:53:05 2009 GMT
+ Not After : Aug 2 06:53:05 2019 GMT
+ Subject: CN=www.badguy.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:cd:26:70:96:a9:a6:5d:3e:9c:ed:0f:08:15:5a:
+ 7c:17:25:68:68:af:13:b9:ad:41:fa:12:54:e2:84:
+ 72:7d:58:d1:e2:40:42:c1:59:ed:05:3d:aa:10:53:
+ 70:00:88:3a:77:a0:c0:56:9e:ac:7d:21:2a:71:44:
+ 51:08:bc:17:07:da:a8:a3:76:dc:51:bc:1b:8a:f6:
+ 02:1a:55:bf:46:b4:44:6b:27:5e:be:e5:17:8b:56:
+ b2:c6:82:36:11:83:a8:bf:f7:2f:0d:17:f6:cd:47:
+ b5:6f:2b:a6:41:b6:8d:33:5f:ea:ea:8b:b1:1a:e2:
+ 99:38:ff:59:5b:0a:a1:71:13:ca:37:3f:b9:b0:1e:
+ 91:9a:c8:93:35:0c:4a:e0:9d:f4:d2:61:c7:4e:5b:
+ 41:0a:7c:31:54:99:db:f5:65:ce:80:d3:c2:02:37:
+ 64:fd:54:12:7b:ea:ac:85:59:5c:17:e1:2e:f6:d0:
+ a8:f2:d0:2e:94:59:2f:c2:a6:5f:da:07:de:7b:2e:
+ 14:07:ed:e4:27:24:37:9d:09:2e:b1:f9:5a:48:b9:
+ 80:24:43:e6:cb:c7:6e:35:df:d5:69:34:ff:e6:d6:
+ 9e:e8:76:66:6e:5f:59:01:3c:96:3b:ec:72:0b:3c:
+ 1e:95:0f:ce:68:13:9c:22:dd:1b:b5:44:28:50:4a:
+ 05:7f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 33:15:24:BE:DA:66:3A:06:8B:D9:27:34:3A:AF:62:40:E4:95:66:5D
+ X509v3 Authority Key Identifier:
+ keyid:0A:69:39:5F:9D:30:04:18:08:2E:02:0E:E6:EA:9D:B2:26:F6:E2:6A
+
+ X509v3 Subject Alternative Name:
+ DNS:www.bank.com
+ Signature Algorithm: sha1WithRSAEncryption
+ 27:6e:7d:b3:a9:86:52:57:6a:a0:c6:30:6c:1e:94:09:a7:6f:
+ ad:fe:11:9f:be:32:8d:01:7b:8b:94:66:d7:7c:b6:b1:90:fc:
+ e4:f5:b6:32:bc:6c:71:23:b1:18:88:d6:47:bc:da:07:c7:5e:
+ 46:71:3a:e6:40:6e:c1:7f:1d:56:96:70:65:d8:51:a9:dc:9e:
+ a5:06:00:98:e7:1e:10:bc:82:ba:00:e5:4e:a2:0f:3e:ec:8a:
+ dd:6f:c6:c9:c1:ec:ed:6d:7c:31:3e:66:87:47:a1:8b:15:3c:
+ 21:7e:ec:21:78:3d:21:70:72:ba:70:c3:64:f8:1d:4f:d9:d0:
+ 27:3c:3e:7e:a2:59:ae:be:9a:d3:00:44:a7:72:3a:e3:3f:c8:
+ 9b:c5:8f:b1:94:fe:00:0f:6e:b8:14:88:f1:03:50:91:51:af:
+ f0:1e:f7:b8:5a:a4:57:35:2d:f1:ad:c8:ae:dd:29:61:14:7d:
+ ea:d1:34:80:5c:1b:fd:eb:43:dc:21:6d:c6:44:f9:3b:54:76:
+ c4:91:5b:ac:a4:8e:72:e7:d8:24:ff:a7:5a:c0:ef:27:c3:d7:
+ e4:f9:7f:55:8d:0d:30:ec:a2:d9:6d:c8:76:f4:be:94:3d:12:
+ 32:4a:91:4f:db:c3:e7:76:07:5a:12:97:18:b7:15:00:98:59:
+ 21:89:3e:35
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBADANBgkqhkiG9w0BAQUFADB0MQswCQYDVQQGEwJHQjES
+MBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5N
+eSBDb21wYW55IEx0ZDELMAkGA1UECxMCQ0ExGTAXBgNVBAMTEE5VTEwtZnJpZW5k
+bHkgQ0EwHhcNMDkwODA0MDY1MzA1WhcNMTkwODAyMDY1MzA1WjAZMRcwFQYDVQQD
+Ew53d3cuYmFkZ3V5LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AM0mcJappl0+nO0PCBVafBclaGivE7mtQfoSVOKEcn1Y0eJAQsFZ7QU9qhBTcACI
+OnegwFaerH0hKnFEUQi8FwfaqKN23FG8G4r2AhpVv0a0RGsnXr7lF4tWssaCNhGD
+qL/3Lw0X9s1HtW8rpkG2jTNf6uqLsRrimTj/WVsKoXETyjc/ubAekZrIkzUMSuCd
+9NJhx05bQQp8MVSZ2/VlzoDTwgI3ZP1UEnvqrIVZXBfhLvbQqPLQLpRZL8KmX9oH
+3nsuFAft5CckN50JLrH5Wki5gCRD5svHbjXf1Wk0/+bWnuh2Zm5fWQE8ljvscgs8
+HpUPzmgTnCLdG7VEKFBKBX8CAwEAAaOBpDCBoTAJBgNVHRMEAjAAMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+MxUkvtpmOgaL2Sc0Oq9iQOSVZl0wHwYDVR0jBBgwFoAUCmk5X50wBBgILgIO5uqd
+sib24mowJgYDVR0RBB8wHYIbd3d3LmJhbmsuY29tAHd3dy5iYWRndXkuY29tMA0G
+CSqGSIb3DQEBBQUAA4IBAQAnbn2zqYZSV2qgxjBsHpQJp2+t/hGfvjKNAXuLlGbX
+fLaxkPzk9bYyvGxxI7EYiNZHvNoHx15GcTrmQG7Bfx1WlnBl2FGp3J6lBgCY5x4Q
+vIK6AOVOog8+7Irdb8bJweztbXwxPmaHR6GLFTwhfuwheD0hcHK6cMNk+B1P2dAn
+PD5+olmuvprTAESncjrjP8ibxY+xlP4AD264FIjxA1CRUa/wHve4WqRXNS3xrciu
+3SlhFH3q0TSAXBv960PcIW3GRPk7VHbEkVuspI5y59gk/6dawO8nw9fk+X9VjQ0w
+7KLZbch29L6UPRIySpFP28PndgdaEpcYtxUAmFkhiT41
+-----END CERTIFICATE-----
diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
index 73d7afd..37ee277 100644
--- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
+++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp
@@ -101,6 +101,7 @@ private slots:
void certInfo();
void task256066toPem();
void nulInCN();
+ void nulInSan();
// ### add tests for certificate bundles (multiple certificates concatenated into a single
// structure); both PEM and DER formatted
#endif
@@ -744,6 +745,26 @@ void tst_QSslCertificate::nulInCN()
QCOMPARE(cn, QString::fromLatin1(realCN, sizeof realCN - 1));
}
+void tst_QSslCertificate::nulInSan()
+{
+ QList<QSslCertificate> certList =
+ QSslCertificate::fromPath(SRCDIR "more-certificates/badguy-nul-san.crt");
+ QCOMPARE(certList.size(), 1);
+
+ const QSslCertificate &cert = certList.at(0);
+ QVERIFY(!cert.isNull());
+
+ QMultiMap<QSsl::AlternateNameEntryType, QString> san = cert.alternateSubjectNames();
+ QVERIFY(!san.isEmpty());
+
+ QString dnssan = san.value(QSsl::DnsEntry);
+ QVERIFY(!dnssan.isEmpty());
+ QVERIFY(dnssan != "www.bank.com");
+
+ static const char realSAN[] = "www.bank.com\0.badguy.com";
+ QCOMPARE(dnssan, QString::fromLatin1(realSAN, sizeof realSAN - 1));
+}
+
#endif // QT_NO_OPENSSL
QTEST_MAIN(tst_QSslCertificate)