author | Simon Josefsson <simon@josefsson.org> | 2008-11-11 16:39:30 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2008-11-11 16:39:30 +0100 |
commit | 4fd3f55c593a5108956d86dd9627756463890046 (patch) | |
tree | 1a9cc91864163d9bf3513a5c13736f3f7681cac6 /tests/cve-2008-4989.c | |
parent | ea51e696c8c7020101157b947d6263d5aa12d833 (diff) | |
Also test chain length of 1 since the security patch caused a crash.
Diffstat (limited to 'tests/cve-2008-4989.c')
-rw-r--r-- | tests/cve-2008-4989.c | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/tests/cve-2008-4989.c b/tests/cve-2008-4989.c
index a66205903a..7477fd6d15 100644
--- a/tests/cve-2008-4989.c
+++ b/tests/cve-2008-4989.c
@@ -118,12 +118,37 @@ static const char *pem_ca = {
 #define CHAIN_LENGTH (sizeof (pem_certs) / sizeof (pem_certs[0]))
+static const char *pem_self_cert = {
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDgjCCAmygAwIBAgIBADALBgkqhkiG9w0BAQUwSzELMAkGA1UEBhMCQlIxFDAS\n"
+ "BgNVBAoTC01pbmFzIExpdnJlMSYwJAYDVQQDEx1UaGFkZXUgTGltYSBkZSBTb3V6\n"
+ "YSBDYXNjYXJkbzAeFw0wODA1MzAxOTUzNDNaFw0wODExMjYxOTUzNDNaMEsxCzAJ\n"
+ "BgNVBAYTAkJSMRQwEgYDVQQKEwtNaW5hcyBMaXZyZTEmMCQGA1UEAxMdVGhhZGV1\n"
+ "IExpbWEgZGUgU291emEgQ2FzY2FyZG8wggEfMAsGCSqGSIb3DQEBAQOCAQ4AMIIB\n"
+ "CQKCAQC4D934O6wrXJbMyu1w8gu6nN0aNUDGqrX9UgaB/4xVuYhPlhjH0z9Dqic9\n"
+ "0pEZmyNCjQmzDSg/hnlY3fBG0i9Iel2oYn1UB4SdcJ2qGkLS87y2ZbMTS1oyMR7/\n"
+ "y9l3WGEWqwgjIvOjGstcZo0rCIF8Qr21QGX22KWg2HXlMaZyA9bGtJ+L+x6f2hoo\n"
+ "yIPCA30VMvIgHjOSPQJF3iJFE4Uxq1PQ65W91NyI6/bRKFOmFdCUJW8tqqvntYP8\n"
+ "hEE08wGlKimFNv7CqZuRI8QuOnhZ7pBXkyvQpW8yHrORlOHxSjkNQKjddt92TCJb\n"
+ "1q6eKv2CtCuDLgCuIy0Onr4U9n+hAgMBAAGjeDB2MA8GA1UdEwEB/wQFMAMBAf8w\n"
+ "HgYDVR0RBBcwFYITbWFpbC5taW5hc2xpdnJlLm9yZzATBgNVHSUEDDAKBggrBgEF\n"
+ "BQcDATAPBgNVHQ8BAf8EBQMDB6QAMB0GA1UdDgQWBBQ/5v42y0jBHUKEfqpPmr5a\n"
+ "WsjCGjALBgkqhkiG9w0BAQUDggEBAC/WfO2yK3vM9bG0qFEj8sd0cWiapMhf5PtH\n"
+ "jigcPb/OKqSFQVXpAdNiUclPRP79Ih3CuWiXfZ/CW0+k2Z8tyy6AnEQItWvoVh/b\n"
+ "8lS7Ph/f9JUYHp2DtgsQWcNQbrUZOPFBu8J4MD6cDWG5Uxwl3YASg30ZdmMDNT8B\n"
+ "HshYz0HUOAhYwVSI3J/f7LFhD5OpjSroHgE7wA9UJrerAp9f7e3e9D7kNQ8DlvLP\n"
+ "kz6Jh+5M/xD3JO1yl+evaCp3LA+z4M2xiNvtzkAEgj3t6RaJ81Sh5XGiooDYZ14R\n"
+ "DgEBYLTUfBYBPzoaahPEdG/f0kUjUBJ34fkBUSjJKURPTHJfDfA=\n"
+ "-----END CERTIFICATE-----\n"
+};
+
 int
 main (int argc, char *argv[])
 {
 int ret;
 gnutls_x509_crt_t certs[3];
 gnutls_x509_crt_t ca;
+ gnutls_x509_crt_t self_cert;
 gnutls_datum_t tmp;
 size_t i;
 unsigned int verify_status;
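Review bot: The `pem_self_cert` fixture is added without any comment saying what the certificate is or how long it stays valid, and the validity dates encoded in it appear to end in late November 2008 (read from the UTCTime fields in the base64, so worth confirming with a certificate dump). The second hunk verifies this certificate with flags `0` and requires `verify_status == 0`, so if the verification path enforces activation or expiry times the test will start failing once that date passes, for a reason unrelated to the regression it guards. I would add a comment above the array along the lines of `/* Self-signed certificate used as both chain and trust anchor; validity ends <notAfter date>, so the check below must not depend on the current time. */`. A long-lived fixture, or `GNUTLS_VERIFY_DISABLE_TIME_CHECKS` in the verify flags where the library version under test offers it, would keep the test stable.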
@@ -178,6 +203,34 @@ main (int argc, char *argv[])
 for (i = 0; i < CHAIN_LENGTH; i++)
 gnutls_x509_crt_deinit (certs[i]);
+ /* Also test chain length of 1, since the initial patch to solve the
+ problem caused a crash in this situation. */
+
+ ret = gnutls_x509_crt_init (&self_cert);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_init: %s", gnutls_strerror (ret));
+
+ tmp.data = pem_self_cert;
+ tmp.size = strlen (pem_self_cert);
+
+ ret = gnutls_x509_crt_import (self_cert, &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_import: %s",
+ gnutls_strerror (ret));
+
+ ret = gnutls_x509_crt_list_verify (&self_cert, 1,
+ &self_cert, 1,
+ NULL, 0,
+ 0, &verify_status);
+ if (ret < 0)
+ error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify[%d]: %s", i,
+ gnutls_strerror (ret));
+
+ if (verify_status != 0)
+ error (EXIT_FAILURE, 0, "verify_status: %d", verify_status);
+
+ gnutls_x509_crt_deinit (self_cert);
+
 gnutls_global_deinit ();
 return 0; |
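Review bot: The failure message for the new `gnutls_x509_crt_list_verify` call passes `i` to `%d`, but `i` is declared `size_t` in main (visible in the first hunk's context), so the argument type does not match the conversion. At this point `i` is also only the leftover loop counter and says nothing about the single-certificate case. I would drop the index: `error (EXIT_FAILURE, 0, "gnutls_x509_crt_list_verify (self): %s", gnutls_strerror (ret));`. The `verify_status` message likewise prints an `unsigned int` with `%d`, where `%u` would match. The block only checks that the self-anchored certificate verifies cleanly; a companion check that the same one-element chain is rejected when the trust list does not contain it would pin the security behaviour of the length-1 path, not just the absence of a crash. main's body starts outside this hunk.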