Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#2764 - ucert: ucert -A output is invalid #7564

Open
openwrt-bot opened this issue Jan 22, 2020 · 0 comments
Open

FS#2764 - ucert: ucert -A output is invalid #7564

openwrt-bot opened this issue Jan 22, 2020 · 0 comments
Labels

Comments

@openwrt-bot
Copy link

@openwrt-bot openwrt-bot commented Jan 22, 2020

hmh:

ucert -A generates something that ucert cannot read back.

This happens because ucert -A appears to be appending several libubox "blobs" together, but cert_load() uses libubox' blob_parse_untrusted() which expects to get a buffer with a single blob inside, and no padding.

Thus a valid ucert file with certificate and signature will be bigger than the first blob inside it, and blob_parse_untrusted() in libubox won't even try to process it.

Since this renders ucert useless, severity is set to high.

This is related to FS#2762 and FS#2763

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant