Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: panic verifying certificate on windows #12184

Closed
deafgoat opened this issue Aug 18, 2015 · 4 comments
Closed

crypto/x509: panic verifying certificate on windows #12184

deafgoat opened this issue Aug 18, 2015 · 4 comments
Assignees
Milestone

Comments

@deafgoat
Copy link
Contributor

@deafgoat deafgoat commented Aug 18, 2015

package main

import "crypto/x509"

func main() {
    c := x509.Certificate{}
    _, _ = c.Verify(x509.VerifyOptions{})
    println("success")
}

Works fine on darwin and various linux distros but panics with the following trace on windows amd64:

panic: runtime error: index out of range

goroutine 1 [running]:
crypto/x509.createStoreContext(0xc08206a000, 0xc082069ec8, 0x0, 0x0, 0x0)
        c:/go/src/crypto/x509/root_windows.go:23 +0x444
crypto/x509.(*Certificate).systemVerify(0xc08206a000, 0xc082069ec8, 0x0, 0x0, 0x
0, 0x0, 0x0)
        c:/go/src/crypto/x509/root_windows.go:146 +0xe0
crypto/x509.(*Certificate).Verify(0xc08206a000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x
0, 0x0, 0x0, ...)
        c:/go/src/crypto/x509/verify.go:215 +0x95
main.main()
        C:/Users/Administrator/x509Issue.go:7 +0x7d

goroutine 2 [runnable]:
runtime.forcegchelper()
        c:/go/src/runtime/proc.go:90
runtime.goexit()
        c:/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 3 [runnable]:
runtime.bgsweep()
        c:/go/src/runtime/mgc0.go:82
runtime.goexit()
        c:/go/src/runtime/asm_amd64.s:2232 +0x1

goroutine 4 [runnable]:
runtime.runfinq()
        c:/go/src/runtime/malloc.go:712
runtime.goexit()
        c:/go/src/runtime/asm_amd64.s:2232 +0x1
exit status 2
@deafgoat deafgoat changed the title crypto/rand: panic verifying certificate on windows crypto/x509: panic verifying certificate on windows Aug 18, 2015
@ianlancetaylor ianlancetaylor added this to the Go1.5Maybe milestone Aug 18, 2015
@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Aug 18, 2015

CC @agl

@agl agl self-assigned this Aug 18, 2015
@alexbrainman
Copy link
Member

@alexbrainman alexbrainman commented Aug 19, 2015

Let me know if I can help in any way.

Alex

@rsc
Copy link
Contributor

@rsc rsc commented Aug 19, 2015

The problem is &leaf.Raw[0] because leaf.Raw might be empty. I confirmed that this was broken in Go 1.4 as well, so it must not be common enough a case to merit a last-minute fix for Go 1.5. I think the fix is easy: return CertificateInvalidError{c, Expired} for len(leaf.Raw) == 0. But maybe that will just uncover the next problem with the Windows code on an empty certificate.

@rsc rsc modified the milestones: Go1.6Early, Go1.5Maybe Aug 19, 2015
@gopherbot
Copy link

@gopherbot gopherbot commented Aug 30, 2015

CL https://golang.org/cl/14053 mentions this issue.

@agl agl closed this in 8ee0261 Sep 30, 2015
@golang golang locked and limited conversation to collaborators Oct 4, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.