crypto/x509/pkix: Name.String overwrites ExtraNames backing store #39873

Closed
rsc opened this issue Jun 26, 2020 · 7 comments

@rsc rsc commented Jun 26, 2020

CL 229864 added code to Name.String that looks like:

if len(n.ExtraNames) == 0 {
	for _, atv := range n.Names {
		...
		n.ExtraNames = append(n.ExtraNames, atv)
	}
}

ahead of the existing

return n.ToRDNSequence().String()

This code has a subtle bug: if n.ExtraNames has len 0 but non-zero cap, this loop scribbles over n.ExtraNames's backing store. By convention, String methods don't mutate the receiver, but this one does.

The code should add

n.ExtraNames = nil // avoid writing on caller's slice backing store

just before the for loop.

A test of Name.String would also be good.
(I'm surprised this package has no tests at all.)
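
The aliasing described above, reduced to a stand-alone program (an added example, not part of the original issue or of the Go source tree). The `attr` and `name` types, the `callerView` helper and the sample values are hypothetical stand-ins for `pkix.AttributeTypeAndValue` and `pkix.Name`, and `fmt.Sprint` stands in for `ToRDNSequence().String()`.

```go
package main

import "fmt"

// attr and name are hypothetical stand-ins; only the slice handling is modelled.
type attr struct{ Type, Value string }

type name struct {
	Names      []attr
	ExtraNames []attr
}

// stringBuggy follows the pattern quoted in the issue. n is a copy of the
// caller's struct, but n.ExtraNames still shares the caller's backing array,
// so with len 0 and cap > 0 append writes into the spare capacity in place.
func stringBuggy(n name) string {
	if len(n.ExtraNames) == 0 {
		for _, atv := range n.Names {
			n.ExtraNames = append(n.ExtraNames, atv)
		}
	}
	return fmt.Sprint(n.ExtraNames) // stand-in for ToRDNSequence().String()
}

// stringFixed applies the one-line change proposed in the issue.
func stringFixed(n name) string {
	if len(n.ExtraNames) == 0 {
		n.ExtraNames = nil // append must now allocate a fresh array
		for _, atv := range n.Names {
			n.ExtraNames = append(n.ExtraNames, atv)
		}
	}
	return fmt.Sprint(n.ExtraNames)
}

// callerView passes f a name whose ExtraNames has len 0 and returns what the
// caller's backing array holds afterwards. The sample data is constructed.
func callerView(f func(name) string, clip bool) string {
	backing := []attr{{"1.2.3.4.5", "original.org"}}
	extra := backing[:0]
	if clip {
		extra = backing[:0:0] // caller-side defence: cap 0 forces reallocation
	}
	f(name{Names: []attr{{"1.2.3.4.5", "tbd.org"}}, ExtraNames: extra})
	return backing[0].Value
}

func main() {
	fmt.Println(callerView(stringBuggy, false), callerView(stringBuggy, true), callerView(stringFixed, false))
}
```

The buggy variant leaves `tbd.org` in the caller's array; both the nil reset inside the method and the three-index slice on the caller's side leave `original.org` intact.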

@rsc rsc added this to the Go1.15 milestone Jun 26, 2020

@cagedmantis cagedmantis commented Jun 26, 2020

@g13013 g13013 commented Jun 27, 2020

@cagedmantis does this issue require the Name.String test to be accepted?

PS: I've never contributed to Golang and started yesterday

@g13013 g13013 commented Jun 28, 2020

@cagedmantis @rsc
The CL contains the fix for this issue.

> A test of Name.String would also be good.
> (I'm surprised this package has no tests at all.)

It turned out that the tests for this package were under the x509 package in the crypto/x509/x509_test.go file.

Should I move the tests for this package under crypto/x509/pkix as part of this issue?

@gopherbot gopherbot commented Jun 28, 2020

Change https://golang.org/cl/240317 mentions this issue: crypto/x509/pkix: fix Name.String overwriting ExtraNames

@g13013 g13013 commented Jun 28, 2020

After a quick look, it seems that moving tests to pkix package would lead to duplication in test fixtures.

@gopherbot gopherbot commented Jun 30, 2020

Change https://golang.org/cl/240543 mentions this issue: crypto/x509/pkix: print non-standard parsed Names at the end

@odeke-em odeke-em commented Jul 1, 2020

Here is a test for @rsc's mentioned bug, that we can perhaps use in the fix to prevent regressions

package pkix_test

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"reflect"
	"testing"
)

// Issue 39873: Ensure that invoking Name.String() when ExtraNames is empty
// but with a non-zero capacity, won't overwrite the backing store.
func TestNameDotStringDoesnotOverwriteBackingSlice(t *testing.T) {
	backing := []pkix.AttributeTypeAndValue{
		{Type: asn1.ObjectIdentifier([]int{1, 2, 3, 4, 5}), Value: "original.org"},
	}
	n := &pkix.Name{
		Locality: []string{"Gophertown"},
		Names: []pkix.AttributeTypeAndValue{
			{Type: asn1.ObjectIdentifier([]int{1, 2, 3, 4, 5}), Value: "tbd.org"},
		},
		ExtraNames: backing[:0],
	}
	if g, w := n.String(), "1.2.3.4.5=#13077462642e6f7267,L=Gophertown"; g != w {
		t.Errorf(".String mismatch\nGot:  %q\nWant: %q", g, w)
	}
	wantExtraNames := []pkix.AttributeTypeAndValue{
		{Type: asn1.ObjectIdentifier([]int{1, 2, 3, 4, 5}), Value: "example.org"},
	}
	if false && !reflect.DeepEqual(n.ExtraNames, wantExtraNames) {
		t.Fatalf("ExtraNames mismatch\nGot:  %+v\nWant: %+v\n", n.ExtraNames, wantExtraNames)
	}
	wantBacking := []pkix.AttributeTypeAndValue{
		{Type: asn1.ObjectIdentifier([]int{1, 2, 3, 4, 5}), Value: "original.org"},
	}
	if !reflect.DeepEqual(backing, wantBacking) {
		t.Fatalf("Backing mismatch\nGot:  %+v\nWant: %+v\n", backing, wantBacking)
	}
}

@gopherbot gopherbot closed this in 12debf4 Jul 7, 2020