Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: return error when verify empty cert chain #308

Merged
merged 3 commits into from
Aug 30, 2023
Merged

fix: return error when verify empty cert chain #308

merged 3 commits into from
Aug 30, 2023

Conversation

Taowyoo
Copy link
Collaborator

@Taowyoo Taowyoo commented Aug 21, 2023
edited
Loading

For #307 on master.

Several back-port PRs needed for older versions.

Only return X509BadInputData error when candidate certificate chain is empty because:

  • underlying mbedtls does not have null pointer check on it.
  • underlying mbedtls has null pointer check on trust_ca chain during the process of finding parent certificate in the chain.

@Taowyoo Taowyoo added the bug label Aug 21, 2023
@Taowyoo Taowyoo self-assigned this Aug 21, 2023
@Taowyoo Taowyoo linked an issue Aug 21, 2023 that may be closed by this pull request
mbedtls::x509::certificate::Certificate::verify() segfaults when passing in an empty certificate chain to verify #307
Closed
3 tasks
This was referenced Aug 21, 2023
Merged
Merged
@raoulstrackx
Copy link
Contributor

bors r+

bors bot added a commit that referenced this pull request Aug 22, 2023
@bors @Taowyoo
Merge #308
5acd6c6 
308: fix: return error when verify empty cert chain r=raoulstrackx a=Taowyoo

For #307 on master.

Several back-port PRs needed for older versions.

Co-authored-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
@bors
Copy link
Contributor

bors bot commented Aug 22, 2023

Timed out.

@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 22, 2023

bors r=[raoulstrackx]

bors bot added a commit that referenced this pull request Aug 22, 2023
@bors @Taowyoo
Merge #308
79e0366 
308: fix: return error when verify empty cert chain r=[raoulstrackx] a=Taowyoo

For #307 on master.

Several back-port PRs needed for older versions.

Co-authored-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
@bors
Copy link
Contributor

bors bot commented Aug 22, 2023

This PR was included in a batch that successfully built, but then failed to merge into master. It will not be retried.

Additional information:

Response status code: 422
{"message":"This branch must not contain merge commits.","documentation_url":"https://docs.github.com/articles/about-protected-branches"}

@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 22, 2023

bors r+

bors bot added a commit that referenced this pull request Aug 22, 2023
@bors @Taowyoo
Merge #308
f07ee08 
308: fix: return error when verify empty cert chain r=Taowyoo a=Taowyoo

For #307 on master.

Several back-port PRs needed for older versions.

Co-authored-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 22, 2023

bors r+

@bors
Copy link
Contributor

bors bot commented Aug 22, 2023

Already running a review

@Taowyoo Taowyoo force-pushed the 307-mbedtlsx509certificatecertificateverify-segfaults-when-passing-in-an-empty-certificate-chain-to-verify branch from 835d85a to aa0425e Compare August 22, 2023 19:36
@bors
Copy link
Contributor

bors bot commented Aug 22, 2023

Canceled.

@Taowyoo Taowyoo enabled auto-merge August 22, 2023 19:39
@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 22, 2023
edited
Loading

Hi @raoulstrackx , could you please approve the PR instead of using bors?
The bors status check does not works well with Github-Action, so I changed master branch to use GitHub Merge queue instead.

@Taowyoo Taowyoo force-pushed the 307-mbedtlsx509certificatecertificateverify-segfaults-when-passing-in-an-empty-certificate-chain-to-verify branch from aa0425e to e282c66 Compare August 22, 2023 20:55
@Taowyoo Taowyoo disabled auto-merge August 29, 2023 20:05
@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 30, 2023

bors ping

@bors
Copy link
Contributor

bors bot commented Aug 30, 2023

pong

@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 30, 2023

bors r+

bors bot added a commit that referenced this pull request Aug 30, 2023
@bors @Taowyoo
Merge #308
eda4886 
308: fix: return error when verify empty cert chain r=Taowyoo a=Taowyoo

For #307 on master.

Several back-port PRs needed for older versions.

Only return X509BadInputData error when candidate certificate chain is empty because:
- underlying `mbedtls` does not have null pointer check on it.
- underlying `mbedtls` has null pointer check on `trust_ca` chain during the process of finding parent certificate in the chain.

Co-authored-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 30, 2023

bors merge

@bors
Copy link
Contributor

bors bot commented Aug 30, 2023

Already running a review

@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 30, 2023

bors cancel

@bors
Copy link
Contributor

bors bot commented Aug 30, 2023

Canceled.

@Taowyoo
Copy link
Collaborator Author

Taowyoo commented Aug 30, 2023

bors r+

@bors
Copy link
Contributor

bors bot commented Aug 30, 2023

Build succeeded!

The publicly hosted instance of bors-ng is deprecated and will go away soon.

If you want to self-host your own instance, instructions are here.
For more help, visit the forum.

If you want to switch to GitHub's built-in merge queue, visit their help page.

  • ci

@bors bors bot merged commit 1cc1f47 into master Aug 30, 2023
@Taowyoo Taowyoo deleted the 307-mbedtlsx509certificatecertificateverify-segfaults-when-passing-in-an-empty-certificate-chain-to-verify branch August 30, 2023 18:43
bors bot added a commit that referenced this pull request Aug 30, 2023
@bors @Taowyoo
Merge #309
e0d2836 
309: [back-port][v0.9] fix: return error when verify empty cert chain r=xinyufort a=Taowyoo

back-port #308 to 0.9.X

Co-authored-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
bors bot added a commit that referenced this pull request Aug 30, 2023
@bors @Taowyoo
Merge #310
22b3281 
310: [back-port][v0.8] fix: return error when verify empty cert chain r=xinyufort a=Taowyoo

back-port #308 to 0.8.X

Co-authored-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jethrogb jethrogb Awaiting requested review from jethrogb

@mzohreva mzohreva Awaiting requested review from mzohreva

@Pagten Pagten Awaiting requested review from Pagten

@raoulstrackx raoulstrackx Awaiting requested review from raoulstrackx

@NicholasO-codes NicholasO-codes Awaiting requested review from NicholasO-codes

Assignees

@Taowyoo Taowyoo

Labels
bug
Projects
None yet
Milestone
No milestone
2 participants
@Taowyoo @raoulstrackx