`mbedtls::x509::certificate::Certificate::verify()` segfaults when passing in an empty certificate chain to verify #307
Closed
3 tasks done
This was linked to pull requests Aug 21, 2023
bors bot added a commit that referenced this issue Aug 22, 2023

308: fix: return error when verify empty cert chain r=raoulstrackx a=Taowyoo

For #307 on master. Several back-port PRs needed for older versions.

Co-authored-by: Yuxiang Cao <[email protected]>
bors bot added a commit that referenced this issue Aug 22, 2023

308: fix: return error when verify empty cert chain r=[raoulstrackx] a=Taowyoo

For #307 on master. Several back-port PRs needed for older versions.

Co-authored-by: Yuxiang Cao <[email protected]>
bors bot added a commit that referenced this issue Aug 22, 2023

308: fix: return error when verify empty cert chain r=Taowyoo a=Taowyoo

For #307 on master. Several back-port PRs needed for older versions.

Co-authored-by: Yuxiang Cao <[email protected]>
bors bot added a commit that referenced this issue Aug 30, 2023

308: fix: return error when verify empty cert chain r=Taowyoo a=Taowyoo

For #307 on master. Several back-port PRs needed for older versions.

Only return X509BadInputData error when candidate certificate chain is empty because:
- underlying `mbedtls` does not have null pointer check on it.
- underlying `mbedtls` has null pointer check on `trust_ca` chain during the process of finding parent certificate in the chain.

Co-authored-by: Yuxiang Cao <[email protected]>
bors bot added a commit that referenced this issue Aug 30, 2023

308: fix: return error when verify empty cert chain r=Taowyoo a=Taowyoo

For #307 on master. Several back-port PRs needed for older versions.

Only return X509BadInputData error when candidate certificate chain is empty because:
- underlying `mbedtls` does not have null pointer check on it.
- underlying `mbedtls` has null pointer check on `trust_ca` chain during the process of finding parent certificate in the chain.

312: Update CI r=Taowyoo a=Taowyoo

Refactor is prime test
Fix bors status problem

Co-authored-by: Yuxiang Cao <[email protected]>
The first argument to the `x509_crt_verify()` call is `chain.inner_ffi_mut()`. If this chain is an empty `MbedtlsList` (e.g., one created using `MbedtlsList::new()`), then the `inner_ffi_mut()` call will return a null pointer. This null pointer will be dereferenced inside the `x509_crt_verify()` call, causing a segmentation fault.

Although the documentation of `mbedtls_x509_crt_verify()` doesn’t state it explicitly, it looks like passing a null pointer for its first argument is not allowed. Hence this appears to be a `rust-mbedtls` bug, not an `mbedtls` bug.

Proposed solution: modify the `verify_ex()` function in `rust-mbedtls` to return an `X509BadInputData` error if the input chain is empty.

The fix PR needs to be back-ported to 0.9 and 0.8:
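The guard proposed in the issue, sketched as an added example (not code from the issue or from rust-mbedtls). `CertList`, `RawCrt`, `x509_crt_verify_stub`, `verify_checked` and `Error::VerifyFailed` are hypothetical stand-ins that model `MbedtlsList`, the C certificate node and the FFI call, so the sketch runs without the mbedtls crate.

```rust
// Added illustration: stand-in types modelled on the names in the issue, not rust-mbedtls code.
use std::ptr;

#[derive(Debug, PartialEq)]
enum Error { X509BadInputData, VerifyFailed } // VerifyFailed is a hypothetical name

// Stand-in for the C linked-list node mbedtls_x509_crt.
struct RawCrt { der_len: usize, next: *mut RawCrt }

// Stand-in for MbedtlsList<Certificate>: owns the head pointer of the C list.
struct CertList { head: *mut RawCrt }

impl CertList {
    fn new() -> Self { CertList { head: ptr::null_mut() } }
    fn push(&mut self, der_len: usize) {
        self.head = Box::into_raw(Box::new(RawCrt { der_len, next: self.head }));
    }
    fn is_empty(&self) -> bool { self.head.is_null() }
    // An empty list has no head node, so this is null, as the issue describes.
    fn inner_ffi_mut(&self) -> *mut RawCrt { self.head }
}

impl Drop for CertList {
    fn drop(&mut self) {
        while !self.head.is_null() {
            let node = unsafe { Box::from_raw(self.head) };
            self.head = node.next;
        }
    }
}

// Stand-in for the C verifier: reads `chain` without a null check, but does
// check `trust_ca`, matching the behaviour described in the fix's commit message.
unsafe fn x509_crt_verify_stub(chain: *mut RawCrt, trust_ca: *mut RawCrt) -> i32 {
    let leaf_len = unsafe { (*chain).der_len }; // undefined behaviour if `chain` is null
    if trust_ca.is_null() || leaf_len == 0 { -1 } else { 0 }
}

// The guard proposed in the issue: reject an empty chain before the FFI call.
fn verify_checked(chain: &CertList, trust_ca: &CertList) -> Result<(), Error> {
    if chain.is_empty() {
        return Err(Error::X509BadInputData);
    }
    let rc = unsafe { x509_crt_verify_stub(chain.inner_ffi_mut(), trust_ca.inner_ffi_mut()) };
    if rc == 0 { Ok(()) } else { Err(Error::VerifyFailed) }
}

fn main() {
    let mut ca = CertList::new();
    ca.push(900); // constructed sample: only a length, no real certificate
    println!("{:?}", verify_checked(&CertList::new(), &ca));
}
```

Only the candidate chain is guarded here; an empty `trust_ca` is left to the callee's own null check and surfaces as an ordinary verification failure.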