-rw-r--r-- | src/OpenSSL/crypto.py | 10 | ||||
-rw-r--r-- | tests/test_crypto.py | 11 |
2 files changed, 16 insertions, 5 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index d555083..715e1ae 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -695,11 +695,11 @@ class X509Name(object):
 nid = _lib.OBJ_obj2nid(fname)
 name = _lib.OBJ_nid2sn(nid)
- result.append((
- _ffi.string(name),
- _ffi.string(
- _lib.ASN1_STRING_data(fval),
- _lib.ASN1_STRING_length(fval))))
+ # ffi.string does not handle strings containing NULL bytes
+ # (which may have been generated by old, broken software)
+ value = _ffi.buffer(_lib.ASN1_STRING_data(fval),
+ _lib.ASN1_STRING_length(fval))[:]
+ result.append((_ffi.string(name), value))
 return result
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index ec632d9..c938021 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -1214,6 +1214,17 @@ class TestX509Name(object):
 subject = cert.get_subject()
 assert "null.python.org\x00example.org" == subject.commonName
+ def test_load_nul_byte_components(self):
+ """
+ An `X509Name` from an `X509` instance loaded from a file can have a
+ NUL byte in the value of its components
+ """
+ cert = load_certificate(FILETYPE_PEM, nulbyteSubjectAltNamePEM)
+ subject = cert.get_subject()
+ components = subject.get_components()
+ ccn = [value for name, value in components if name == b'CN']
+ assert ccn[0] == b'null.python.org\x00example.org'
+
 def test_set_attribute_failure(self):
 """
 If the value of an attribute cannot be set for some reason then |
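Review bot: The new comment above `value = _ffi.buffer(...)` blames embedded NUL bytes only on "old, broken software", which undersells why the old truncation mattered. A value cut at the first NUL can make a crafted subject look like a different host to any caller that matches on `get_components()` output. I would reword it to `# _ffi.string stops at the first NUL; copy the full ASN1_STRING length so a value with an embedded NUL is never silently truncated`. The method docstring (outside this hunk) should also say that the returned values are raw bytes that may contain NUL and must be compared in full. The slice still assumes `ASN1_STRING_data(fval)` is non-NULL, as the old code did; the loop that produces `fval` starts above the hunk, so that cannot be confirmed from here.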
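Review bot: `assert ccn[0] == ...` in `test_load_nul_byte_components` fails with an IndexError rather than a readable assertion message if no CN component comes back, and it ignores any further CN entries. Assuming the fixture carries a single CN, `assert ccn == [b'null.python.org\x00example.org']` pins both the count and the untruncated value. The fixture `nulbyteSubjectAltNamePEM` is defined outside the hunk, so its contents are inferred from the neighbouring `commonName` assertion.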