From c86ab3fcedd3bcfa195d42d45fb732cb8315319d Mon Sep 17 00:00:00 2001 From: Thiago Macieira Date: Wed, 20 Jan 2010 21:06:32 +0100 Subject: SSL Certificate: don't crash when the END CERTIFICATE line ends without CRLF If the file/data ends in the END CERTIFICATE line without a newline, the certificate is still valid. If it's followed by anything other than a newline, then it's no longer valid. Also add another test for the BEGIN CERTIFICATE ending without newline, to ensure we don't crash there either. Reviewed-By: Peter Hartmann --- src/network/ssl/qsslcertificate.cpp | 8 ++++---- .../more-certificates/malformed-just-begin-no-newline.pem | 1 + .../more-certificates/malformed-just-begin.pem | 1 + .../qsslcertificate/more-certificates/no-ending-newline.pem | 13 +++++++++++++ tests/auto/qsslcertificate/tst_qsslcertificate.cpp | 3 +++ 5 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem create mode 100644 tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem create mode 100644 tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem diff --git a/src/network/ssl/qsslcertificate.cpp b/src/network/ssl/qsslcertificate.cpp index 8993e72..9a9b1b5 100644 --- a/src/network/ssl/qsslcertificate.cpp +++ b/src/network/ssl/qsslcertificate.cpp @@ -696,11 +696,11 @@ QSslCertificate QSslCertificatePrivate::QSslCertificate_from_X509(X509 *x509) static bool matchLineFeed(const QByteArray &pem, int *offset) { - char ch = pem.at(*offset); + char ch; // ignore extra whitespace at the end of the line - while (ch == ' ' && *offset < pem.size()) - ch = pem.at(++*offset); + while (*offset < pem.size() && (ch = pem.at(*offset)) == ' ') + ++*offset; if (ch == '\n') { *offset += 1; @@ -732,7 +732,7 @@ QList QSslCertificatePrivate::certificatesFromPem(const QByteAr break; offset = endPos + sizeof(ENDCERTSTRING) - 1; - if (!matchLineFeed(pem, &offset)) + if (offset < pem.size() && !matchLineFeed(pem, &offset)) break; QByteArray decoded = QByteArray::fromBase64( diff --git a/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem new file mode 100644 index 0000000..75f3c32 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin-no-newline.pem @@ -0,0 +1 @@ +-----BEGIN CERTIFICATE----- \ No newline at end of file diff --git a/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem new file mode 100644 index 0000000..a71aecf --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/malformed-just-begin.pem @@ -0,0 +1 @@ +-----BEGIN CERTIFICATE----- diff --git a/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem b/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem new file mode 100644 index 0000000..f8056c7 --- /dev/null +++ b/tests/auto/qsslcertificate/more-certificates/no-ending-newline.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8zCCAVwCAREwDQYJKoZIhvcNAQEFBQAwWzELMAkGA1UEBhMCQVUxEzARBgNV +BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMRswGQYD +VQQDExJUZXN0IENBICgxMDI0IGJpdCkwHhcNMDcwNDE3MDc0MDI2WhcNMDcwNTE3 +MDc0MDI2WjApMRowGAYDVQQDExFuYW1lL3dpdGgvc2xhc2hlczELMAkGA1UEBhMC +Tk8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOud6QOsME+pWANExxgmL0iT +1ayg++hTxHsqAYnm/FoMxfUh+NdKkgJn2/GfNppinfPOSI667VqonU+7JBZDTLV5 +CPbZIo9fFQpDJQN6naev4yaxU1VeYFfI7S8c8zYKeGSR+RenNNeLvfH80YxPpZZ1 +snv8IfDH2V8MVxiyr7lLAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAleaU4pgzV6KY ++q9QuXapUYMsC2GiNtDmkG3k+MTHUO8XlE4hqPrIM6rRf7zKQdZ950R2wL9FSnYl +Qm1Tdv38dCka6ivMBqvRuOt9axH3m0G7nzHL7U3zaCbtEx3yVln+b3yYtiVpTuq0 +3MLrt7tQGAW6ra8ISf6YY1W65/uVXZE= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp index 44f8522..c76c11f 100644 --- a/tests/auto/qsslcertificate/tst_qsslcertificate.cpp +++ b/tests/auto/qsslcertificate/tst_qsslcertificate.cpp @@ -543,6 +543,9 @@ void tst_QSslCertificate::fromPath_data() QTest::newRow("\"d.*/c.*.pem\" wildcard der") << QString("d.*/c.*.pem") << int(QRegExp::Wildcard) << false << 0; QTest::newRow("trailing-whitespace") << QString("more-certificates/trailing-whitespace.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("no-ending-newline") << QString("more-certificates/no-ending-newline.pem") << int(QRegExp::FixedString) << true << 1; + QTest::newRow("malformed-just-begin") << QString("more-certificates/malformed-just-begin.pem") << int(QRegExp::FixedString) << true << 0; + QTest::newRow("malformed-just-begin-no-newline") << QString("more-certificates/malformed-just-begin-no-newline.pem") << int(QRegExp::FixedString) << true << 0; } void tst_QSslCertificate::fromPath() -- cgit v0.12