fix: add check for unsupported subject fields #275
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
byronchien
commented
Feb 11, 2023
verifier/verifier.go
Outdated
|
|
||
| // identities containing "=#" can cause memory issues in the asn1-ber library used by | ||
| // pkix when parsing the DN | ||
| if strings.Contains(identityValue, "=#") { |
There was a problem hiding this comment.
adding this to pkix instead
Codecov Report
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more @@ Coverage Diff @@
## main #275 +/- ##
==========================================
+ Coverage 73.37% 73.67% +0.30%
==========================================
Files 23 23
Lines 1994 1994
==========================================
+ Hits 1463 1469 +6
+ Misses 429 425 -4
+ Partials 102 100 -2
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
shizhMSFT
changed the title
byronchien
force-pushed
the
cert-subject-check
branch
from
115dbb1
to
9d094e5
Compare
byronchien
force-pushed
the
cert-subject-check
branch
from
5fd1ccb
to
c669dcf
Compare
priteshbandi
previously approved these changes
Feb 15, 2023
priteshbandi
previously approved these changes
Feb 15, 2023
gokarnm
previously approved these changes
Feb 15, 2023
byronchien
dismissed stale reviews from gokarnm, priteshbandi, and shizhMSFT
via
760aab5
byronchien
force-pushed
the
cert-subject-check
branch
from
91157ac
to
760aab5
Compare
Signed-off-by: Byron Chien <byronc@ucla.edu>
Signed-off-by: Byron Chien <byronc@ucla.edu>
Signed-off-by: Byron Chien <byronc@ucla.edu>
byronchien
force-pushed
the
cert-subject-check
branch
from
760aab5
to
27798ef
Compare
Signed-off-by: Byron Chien <byronc@ucla.edu>
byronchien
force-pushed
the
cert-subject-check
branch
from
876a3b1
to
1362f46
Compare
Signed-off-by: Byron Chien <byronc@ucla.edu>
byronchien
force-pushed
the
cert-subject-check
branch
from
1362f46
to
cac9f1a
Compare
priteshbandi
requested review from
gokarnm,
priteshbandi,
patrickzheng200 and
shizhMSFT
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fails trusted identity verification if the trust policy identity or the subject of the leaf certificate contains "=#".
example logs:
Signed-off-by: Byron Chien chienb@amazon.com