fix WOLFSSL_X509_NAME parse of empty feild and add test case

2020-09-21 18:44:13 -06:00 · 2020-09-21 18:44:13 -06:00 · cb3338bd57
parent deaf3b4b40
commit cb3338bd57
2 changed files with 31 additions and 9 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -37724,9 +37724,12 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
            goto cleanup;
        }

-        XSTRNCPY(tmp->staticName, cert.subject, ASN_NAME_MAX);
-        tmp->staticName[ASN_NAME_MAX - 1] = '\0';
-        tmp->sz = (int)XSTRLEN(tmp->staticName) + 1;
+        if (wolfSSL_X509_NAME_copy((WOLFSSL_X509_NAME*)cert.subjectName,
+                    tmp) != WOLFSSL_SUCCESS) {
+            wolfSSL_X509_NAME_free(tmp);
+            tmp = NULL;
+            goto cleanup;
+        }

        if (name)
            *name = tmp;
@ -38735,7 +38738,7 @@ err:

        WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()");

-        if (name == NULL || entry == NULL) {
+        if (name == NULL || entry == NULL || entry->value == NULL) {
            WOLFSSL_MSG("NULL argument passed in");
            return WOLFSSL_FAILURE;
        }
@ -38764,11 +38767,6 @@ err:
            }
        }

-        if (wolfSSL_ASN1_STRING_length(entry->value) == 0) {
-            WOLFSSL_MSG("Entry to add was empty");
-            return WOLFSSL_FAILURE;
-        }
-
        current = &(name->entry[i]);
        if (current->set == 0)
            name->entrySz++;
--- a/tests/api.c
+++ b/tests/api.c
@ -23837,6 +23837,13 @@ static void test_wolfSSL_X509_NAME(void)
    int sz;
    unsigned char* tmp;
    char file[] = "./certs/ca-cert.der";
+    byte empty[] = { /* CN=empty emailAddress= */
+        0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
+        0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
+        0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
+        0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+        0x01, 0x16, 0x00
+    };

    printf(testingFmt, "wolfSSL_X509_NAME()");

@ -23885,6 +23892,23 @@ static void test_wolfSSL_X509_NAME(void)

    X509_free(x509);

+    /* test with an empty domain component */
+    tmp = empty;
+    sz  = sizeof(empty);
+    AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
+    AssertIntEQ(X509_NAME_entry_count(d2i_name), 2);
+
+    /* size of empty emailAddress will be 0 */
+    tmp = buf;
+    AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
+                (char*)tmp, sizeof(buf)), 0);
+
+    /* should contain no organization name */
+    tmp = buf;
+    AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
+                (char*)tmp, sizeof(buf)), -1);
+    X509_NAME_free(d2i_name);
+
    printf(resultFmt, passed);
    #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
 }