From adb6802b1b4dec30f19c3bf76089b6bc60ac0454 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Mon, 1 Aug 2016 09:55:58 +0200
Subject: [PATCH] cert: do not crash on invalid data in cert-find
https://fedorahosted.org/freeipa/ticket/6150
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
---
 ipaserver/plugins/cert.py | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/ipaserver/plugins/cert.py b/ipaserver/plugins/cert.py
403b09
index 47dccf15a4010f2766642aedd2cc16e0a1eb1dd4..b8df074a186ca91daa8e8f5e725724ea7bc5a663 100644
403b09
--- a/ipaserver/plugins/cert.py
403b09
+++ b/ipaserver/plugins/cert.py
403b09
@@ -32,7 +32,7 @@ import six
403b09
 
403b09
 from ipalib import Command, Str, Int, Flag
403b09
 from ipalib import api
403b09
-from ipalib import errors
403b09
+from ipalib import errors, messages
403b09
 from ipalib import pkcs10
403b09
 from ipalib import x509
403b09
 from ipalib import ngettext
403b09
@@ -994,7 +994,15 @@ class cert_find(Search, CertMethod):
403b09
             )
403b09
 
403b09
     def _get_cert_key(self, cert):
403b09
-        nss_cert = x509.load_certificate(cert, x509.DER)
403b09
+        try:
403b09
+            nss_cert = x509.load_certificate(cert, x509.DER)
403b09
+        except NSPRError as e:
403b09
+            message = messages.SearchResultTruncated(
403b09
+                reason=_("failed to load certificate: %s") % e,
403b09
+            )
403b09
+            self.add_message(message)
403b09
+
403b09
+            raise ValueError("failed to load certificate")
403b09
 
403b09
         return (DN(unicode(nss_cert.issuer)), nss_cert.serial_number)
403b09
 
403b09
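Review bot: Signalling the load failure with a plain `ValueError` is broader than the condition it stands for. The `return (DN(unicode(nss_cert.issuer)), nss_cert.serial_number)` line sits outside the `try`, and both callers changed by this patch catch `ValueError`, so a `ValueError` raised while building the key (if `DN()` can raise one on an unusual issuer string, which is not visible here) would be treated as a skipped certificate with no message added. A small dedicated exception, for example a private subclass defined next to `cert_find`, would keep the callers from swallowing unrelated errors, and the method deserves a docstring stating that it adds a `SearchResultTruncated` message and raises when the DER data cannot be loaded. `NSPRError` is not added by the import hunk, so it is presumably already imported elsewhere in the file; that is worth confirming, because a `NameError` in the `except` clause would bring the crash back.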
@@ -1017,7 +1025,10 @@ class cert_find(Search, CertMethod):
403b09
         except KeyError:
403b09
             return result, False, False
403b09
 
403b09
-        key = self._get_cert_key(cert)
403b09
+        try:
403b09
+            key = self._get_cert_key(cert)
403b09
+        except ValueError:
403b09
+            return result, True, True
403b09
 
403b09
         result[key] = self._get_cert_obj(cert, all, raw, pkey_only)
403b09
 
403b09
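Review bot: `return result, True, True` reports an unparseable certificate as a truncated search, and the two positional booleans are not explained anywhere in the hunk. If `cert` here is the value the caller passed in (the `except KeyError` above suggests an option lookup, but the start of the function is outside the hunk), a malformed value is an input error, and the client would be better served by a validation error than by an empty result flagged as truncated. At minimum add a comment such as `# certificate could not be parsed: return an empty result flagged as truncated`, with the meaning of each boolean confirmed against the function's other return sites.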
@@ -1132,12 +1143,21 @@ class cert_find(Search, CertMethod):
403b09
             entries = []
403b09
             truncated = False
403b09
         else:
403b09
+            try:
403b09
+                ldap.handle_truncated_result(truncated)
403b09
+            except errors.LimitsExceeded as e:
403b09
+                self.add_message(messages.SearchResultTruncated(reason=e))
403b09
+
403b09
             truncated = bool(truncated)
403b09
 
403b09
         for entry in entries:
403b09
             for attr in ('usercertificate', 'usercertificate;binary'):
403b09
                 for cert in entry.get(attr, []):
403b09
-                    key = self._get_cert_key(cert)
403b09
+                    try:
403b09
+                        key = self._get_cert_key(cert)
403b09
+                    except ValueError:
403b09
+                        truncated = True
403b09
+                        continue
403b09
 
403b09
                     try:
403b09
                         obj = result[key]
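Review bot: The `except ValueError` branch in the entry loop drops the certificate without recording which directory entry held it, so an administrator who sees the truncation message has no way to locate the malformed `usercertificate` value. `entry` is in scope at that point; logging its DN server-side before `continue` would make the bad record findable, and a comment like `# skip undecodable certificate, mark result incomplete` would explain why `truncated` is set. Because `_get_cert_key` calls `self.add_message` on every failure, this loop also emits one `SearchResultTruncated` message per bad certificate, each carrying the raw NSPR error text; consider adding a single message after the loop instead. The enclosing method starts and ends outside the hunk.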
-- 
2.7.4