subversion-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bre...@apache.org
Subject svn commit: r1654989 - /subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c
Date Tue, 27 Jan 2015 08:49:28 GMT
Author: breser
Date: Tue Jan 27 08:49:27 2015
New Revision: 1654989

URL: http://svn.apache.org/r1654989
Log:
On the 'svn-auth-x509' branch, add a test for overflow in object ids.

This test is currently XFAIL.  I'll commit the fix tomorrow.

* subversion/tests/libsvn_subr/x509-test.c
  (broken_cert_tests, test_x509_parse_cert_broken): New test.
  (test_funcs): Add the new test.


Modified:
    subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c

Modified: subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c
URL: http://svn.apache.org/viewvc/subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c?rev=1654989&r1=1654988&r2=1654989&view=diff
==============================================================================
--- subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c (original)
+++ subversion/branches/svn-auth-x509/subversion/tests/libsvn_subr/x509-test.c Tue Jan 27
08:49:27 2015
@@ -637,6 +637,67 @@ test_x509_parse_cert(apr_pool_t *pool)
   return SVN_NO_ERROR;
 }
 
+static struct x509_test broken_cert_tests[] = {
+  /* certificate with subject that includes an attribute that has a
+   * object id that has and overflow such that it calculates to
+   * the same object id as the Common Name (2.5.4.3).  OpenSSL
+   * with its bignum support shows this as 2.5.4.2361183241434822606851.
+   * It would be wrong to display this as a Common Name to the user. */
+  { "MIIDGTCCAgECAQEwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQVUxEzARBgNV"
+    "BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0"
+    "ZDAeFw0xNTAxMjcwODMxNDNaFw0xNjAxMjcwODMxNDNaMGAxCzAJBgNVBAYTAlVT"
+    "MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQHEwpOb3J0aCBCZW5kMScwJQYN"
+    "VQSCgICAgICAgICAAxMUb3ZlcmZsb3cuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3"
+    "DQEBAQUAA4IBDwAwggEKAoIBAQDHL1e8zSPyRND3tI42Vqca2FoCiWn881Czv2ct"
+    "tGFwyjUM8R1yHXEP+doS9KN9L29xRWZRxyCQ18S+QbjNQCh6Ay22qnkBu0uPdVB6"
+    "iIVKiW9RzU8dZSFMnveUZYLloG12kK++ooJGIstTJwkI8Naw1X1D29gZaY9oSKAc"
+    "Gs5c92po61RoetB744dUfUbAXi8eEd4ShdsdnCoswpEI4WTLdYLZ/cH/sU1a5Djm"
+    "cAfEBzZSOseEQSG7Fa/HvHyW+jDNnKG2r73M45TDcXAunSFcAYl1ioBaRwwdcTbK"
+    "SMGORThIX5UwpJDZI5sTVmTTRuCjbMxXXki/g9fTYD6mlaavAgMBAAEwDQYJKoZI"
+    "hvcNAQEFBQADggEBABvZSzFniMK4lqJcubzzk410NqZQEDBxdNZTNGrQYIDV8fDU"
+    "LLoQ2/2Y6kOQbx8r3RNcaJ6JtJeVqAq05It9oR5lMJFA2r0YMl4eB2V6o35+eaKY"
+    "FXrJzwx0rki2mX+iKsgRbJTv6mFb4I7vny404WKHNgYIfB8Z5jgbwWgrXH9M6BMb"
+    "FL9gZHMmU+6uqvCPYeIIZaAjT4J4E9322gpcumI9KGVApmbQhi5lC1hBh+eUprG7"
+    "4Brl9GeCLSTnTTf4GHIpqaUsKMtJ1sN/KJGwEB7Z4aszr80P5/sjHXOyqJ78tx46"
+    "pwH7/Fx0pM7nZjJVGvcxGBBOMeKy/o2QUVvEYPU=",
+    "C=US, ST=Washington, L=North Bend, \?\?=overflow.example.com",
+    "2.5.4.6 2.5.4.8 2.5.4.7 2.5.4.3",
+    "C=AU, ST=Some-State, O=Internet Widgits Pty Ltd",
+    "2.5.4.6 2.5.4.8 2.5.4.10",
+    "2015-01-27T08:31:43.000000Z",
+    "2016-01-27T08:31:43.000000Z",
+    NULL,
+    "c1f063daf23e402fe58bab1a3fa2ba05c1106158"
+  },
+  { NULL }
+};
+
+static svn_error_t *
+test_x509_parse_cert_broken(apr_pool_t *pool)
+{
+  struct x509_test *xt;
+  apr_pool_t *iterpool = svn_pool_create(pool);
+
+  for (xt = broken_cert_tests; xt->base64_cert; xt++)
+    {
+      const svn_string_t *der_cert;
+      svn_x509_certinfo_t *certinfo;
+
+      svn_pool_clear(iterpool);
+
+      /* Convert header-less PEM to DER by undoing base64 encoding. */
+      der_cert = svn_base64_decode_string(svn_string_create(xt->base64_cert,
+                                                            pool),
+                                          iterpool);
+
+      SVN_ERR(svn_x509_parse_cert(&certinfo, der_cert->data, der_cert->len,
+                                  iterpool, iterpool));
+
+      SVN_ERR(compare_results(xt, certinfo, iterpool));
+    }
+
+  return SVN_NO_ERROR;
+}
 
 /* The test table.  */
 
@@ -647,6 +708,8 @@ static struct svn_test_descriptor_t test
     SVN_TEST_NULL,
     SVN_TEST_PASS2(test_x509_parse_cert,
                    "test svn_x509_parse_cert"),
+    SVN_TEST_XFAIL2(test_x509_parse_cert_broken,
+                    "test broken certs"),
     SVN_TEST_NULL
   };
 



Mime
View raw message