Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: CreateCertificate can panic in asn1 code #16603

Closed
jefferai opened this issue Aug 4, 2016 · 5 comments
Closed

crypto/x509: CreateCertificate can panic in asn1 code #16603

jefferai opened this issue Aug 4, 2016 · 5 comments
Assignees
Milestone

Comments

@jefferai
Copy link

@jefferai jefferai commented Aug 4, 2016

Please answer these questions before submitting your issue. Thanks!

(1) What version of Go are you using (go version)?

go version go1.7rc4 linux/amd64

(2) What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/jeff/go"
GORACE=""
GOROOT="/home/jeff/src/go"
GOTOOLDIR="/home/jeff/src/go/pkg/tool/linux_amd64"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build022291271=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"

(3) What did you do?

https://play.golang.org/p/P68H4kx8AF

Created a self-signed certificate. This goes away if I set a SerialNumber on the template. The documentation says that SerialNumber will be used from the template, but not that it is required (so it's reasonable to think that it may be randomly chosen if not set). Either way, I'd argue that there should be a check to detect this and return an error, rather than an undocumented panic situation.

(4) What did you expect to see?

An error.

(5) What did you see instead?

A panic.

@bradfitz bradfitz changed the title SIGSEGV in x509.CreateCertificate crypto/x509: CreateCertificate can panic in asn1 code Aug 4, 2016
@bradfitz bradfitz added this to the Go1.8 milestone Aug 4, 2016
@bradfitz bradfitz added the help wanted label Aug 4, 2016
@bradfitz
Copy link
Contributor

@bradfitz bradfitz commented Aug 4, 2016

/cc @agl

@agl agl self-assigned this Aug 4, 2016
@hirochachacha
Copy link
Contributor

@hirochachacha hirochachacha commented Aug 5, 2016

Here is a minimal code.

package main

import (
    "encoding/asn1"
    "math/big"
)

type A struct {
    B *big.Int
}

func main() {
    asn1.Marshal(A{})
}
@jefferai
Copy link
Author

@jefferai jefferai commented Aug 5, 2016

Whether that's a minimal code example depends on where the problem lies. It may be appropriate for asn1 to panic on a null big.Int; it may be that the appropriate fix is for the x509 package to ensure it never is and error if so.

@hirochachacha
Copy link
Contributor

@hirochachacha hirochachacha commented Aug 5, 2016

maybe yes, maybe no (I'm not a judge either:)
asn1.Marshal also undocumented panic at least.

@gopherbot
Copy link

@gopherbot gopherbot commented Aug 17, 2016

CL https://golang.org/cl/27238 mentions this issue.

@gopherbot gopherbot closed this in b23b9a7 Aug 17, 2016
@golang golang locked and limited conversation to collaborators Aug 17, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.