mirror of
https://github.com/RGBCube/serenity
synced 2025-07-27 22:27:35 +00:00
LibTLS: Don't attempt to read past EOF when parsing TBSCertificate
This allows the decoder to fail gracefully when reading a partial or malformed TBSCertificate. We also now ensure that the certificate data is valid before making a copy of it.
This commit is contained in:
Tim Ledbetter
Andreas Kling
parent
65b50ecc1a
commit
e6d9bb0774
4 changed files with 21 additions and 2 deletions
|
|
@ -1,4 +1,5 @@
|
|||
set(TEST_SOURCES
|
||||
TestTLSCertificateParser.cpp
|
||||
TestTLSHandshake.cpp
|
||||
)
|
||||
|
||||
|
|
|
|||
15
Tests/LibTLS/TestTLSCertificateParser.cpp
Normal file
15
Tests/LibTLS/TestTLSCertificateParser.cpp
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
/*
|
||||
* Copyright (c) 2023, Tim Ledbetter <timledbetter@gmail.com>
|
||||
*
|
||||
* SPDX-License-Identifier: BSD-2-Clause
|
||||
*/
|
||||
|
||||
#include <LibTLS/Certificate.h>
|
||||
#include <LibTest/TestCase.h>
|
||||
|
||||
TEST_CASE(certificate_with_malformed_tbscertificate_should_fail_gracefully)
|
||||
{
|
||||
Array<u8, 4> invalid_certificate_data { 0xB0, 0x02, 0x70, 0x00 };
|
||||
auto parse_result = TLS::Certificate::parse_certificate(invalid_certificate_data);
|
||||
EXPECT(parse_result.is_error());
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue