]> git.ipfire.org Git - thirdparty/FORT-validator.git/commitdiff
projects / thirdparty / FORT-validator.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1122758)
Improve Key Usage validation more
authorAlberto Leiva Popper <ydahhrk@gmail.com>
Thu, 22 Aug 2024 18:40:48 +0000 (12:40 -0600)
committerAlberto Leiva Popper <ydahhrk@gmail.com>
Thu, 22 Aug 2024 18:49:14 +0000 (12:49 -0600)
- Was not checking the decipherOnly bit
- Was not using the buffer meant to ease checking the decipherOnly bit

Again, thanks to Niklas Vogel and Haya Schulmann for reporting this.

src/object/certificate.c patch | blob | blame | history

diff --git a/src/object/certificate.c b/src/object/certificate.c
index 78d5abb84e73a488bf2c90a2a973d047b781ac56..b91aed5137c964009c05b4fddbab547acd48d5a4 100644 (file)
--- a/src/object/certificate.c
+++ b/src/object/certificate.c
@@ -1345,13 +1345,13 @@ handle_ku(ASN1_BIT_STRING *ku, unsigned char byte1)
        memset(data, 0, sizeof(data));
        memcpy(data, ku->data, ku->length);
 
-       if (ku->data[0] != byte1) {
+       if (data[0] != byte1 || data[1] != 0) {
                return pr_val_err("Illegal key usage flag string: %d%d%d%d%d%d%d%d%d",
-                   !!(ku->data[0] & 0x80u), !!(ku->data[0] & 0x40u),
-                   !!(ku->data[0] & 0x20u), !!(ku->data[0] & 0x10u),
-                   !!(ku->data[0] & 0x08u), !!(ku->data[0] & 0x04u),
-                   !!(ku->data[0] & 0x02u), !!(ku->data[0] & 0x01u),
-                   !!(ku->data[1] & 0x80u));
+                   !!(data[0] & 0x80u), !!(data[0] & 0x40u),
+                   !!(data[0] & 0x20u), !!(data[0] & 0x10u),
+                   !!(data[0] & 0x08u), !!(data[0] & 0x04u),
+                   !!(data[0] & 0x02u), !!(data[0] & 0x01u),
+                   !!(data[1] & 0x80u));
        }
 
        return 0;
Mirror of https://github.com/NICMx/FORT-validator.git