Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix false success return code in mbedtls_x509_string_to_names() #7849

Merged
merged 3 commits into from
Jun 30, 2023
Merged

Fix false success return code in mbedtls_x509_string_to_names() #7849

merged 3 commits into from
Jun 30, 2023

Conversation

davidhorstmann-arm
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm commented Jun 27, 2023
edited

Fix an issue where mbedtls_x509_string_to_names() returns success while in fact failing to parse a name. This happens whenever a string is supplied that doesn't contain either = or ,.

In the problematic case, the supplied mbedtls_x509_name list is left alone and the function returns success when it should return an error.

Fixes #2969.

PR checklist

Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")

@davidhorstmann-arm
Return an error when no name is parsed
8fd98d6 
When less than 1 RDN is successfully parsed in
mbedtls_x509_string_to_names(), return an error. Previously this
returned success when a string containing neither '=' or ',' was
supplied.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
@davidhorstmann-arm
Add regression testcase for string_to_names()
b50ae1f 
Test against a string with no '=' or ',' in it, which previously caused
mbedtls_x509_string_to_names() to return 0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
@davidhorstmann-arm
Add ChangeLog entry for string_to_names() fix
582b7cf 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
@davidhorstmann-arm davidhorstmann-arm added needs-review Every commit must be reviewed by at least two team members, needs-backports Backports are missing or are pending review and approval. component-x509 needs-ci Needs to pass CI tests needs-reviewer This PR needs someone to pick it up for review size-s Estimated task size: small (~2d) labels Jun 27, 2023
@davidhorstmann-arm davidhorstmann-arm mentioned this pull request Jun 27, 2023
Merged
3 tasks
@daverodgman daverodgman removed the needs-ci Needs to pass CI tests label Jun 30, 2023
tom-cosgrove-arm
tom-cosgrove-arm approved these changes Jun 30, 2023
View reviewed changes
Copy link
Contributor

@tom-cosgrove-arm tom-cosgrove-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tom-cosgrove-arm tom-cosgrove-arm added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Jun 30, 2023
@tom-cosgrove-arm tom-cosgrove-arm merged commit c4a760c into Mbed-TLS:development Jun 30, 2023
15 of 17 checks passed
@davidhorstmann-arm davidhorstmann-arm mentioned this pull request Aug 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daverodgman daverodgman daverodgman approved these changes

@tom-cosgrove-arm tom-cosgrove-arm tom-cosgrove-arm approved these changes

Assignees
No one assigned
Labels
approved Design and code approved - may be waiting for CI or backports component-x509 needs-backports Backports are missing or are pending review and approval. size-s Estimated task size: small (~2d)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

CSR generation does not return an error when generating an invalid subject
3 participants
@davidhorstmann-arm @daverodgman @tom-cosgrove-arm