Skip to content
Snippets Groups Projects
Commit 29c1502cc85d authored by Paul Kehrer's avatar Paul Kehrer
Browse files

fix indexing on X509 request attribute value (#5312)

parent 687148398131
Branches
No related tags found
No related merge requests found
...@@ -92,6 +92,7 @@ ...@@ -92,6 +92,7 @@
int X509_REQ_get_attr_by_OBJ(const X509_REQ *, const ASN1_OBJECT *, int); int X509_REQ_get_attr_by_OBJ(const X509_REQ *, const ASN1_OBJECT *, int);
void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *, int, int, void *); void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *, int, int, void *);
ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *, int); ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *, int);
int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *);
int X509_REQ_add1_attr_by_txt(X509_REQ *, const char *, int, int X509_REQ_add1_attr_by_txt(X509_REQ *, const char *, int,
const unsigned char *, int); const unsigned char *, int);
......
...@@ -498,7 +498,11 @@ ...@@ -498,7 +498,11 @@
attr = self._backend._lib.X509_REQ_get_attr(self._x509_req, pos) attr = self._backend._lib.X509_REQ_get_attr(self._x509_req, pos)
self._backend.openssl_assert(attr != self._backend._ffi.NULL) self._backend.openssl_assert(attr != self._backend._ffi.NULL)
asn1_type = self._backend._lib.X509_ATTRIBUTE_get0_type(attr, pos) # We don't support multiple valued attributes for now.
self._backend.openssl_assert(
self._backend._lib.X509_ATTRIBUTE_count(attr) == 1
)
asn1_type = self._backend._lib.X509_ATTRIBUTE_get0_type(attr, 0)
self._backend.openssl_assert(asn1_type != self._backend._ffi.NULL) self._backend.openssl_assert(asn1_type != self._backend._ffi.NULL)
# We need this to ensure that our C type cast is safe. # We need this to ensure that our C type cast is safe.
# Also this should always be a sane string type, but we'll see if # Also this should always be a sane string type, but we'll see if
...@@ -513,7 +517,7 @@ ...@@ -513,7 +517,7 @@
)) ))
data = self._backend._lib.X509_ATTRIBUTE_get0_data( data = self._backend._lib.X509_ATTRIBUTE_get0_data(
attr, pos, asn1_type.type, self._backend._ffi.NULL attr, 0, asn1_type.type, self._backend._ffi.NULL
) )
self._backend.openssl_assert(data != self._backend._ffi.NULL) self._backend.openssl_assert(data != self._backend._ffi.NULL)
# This cast is safe iff we assert on the type above to ensure # This cast is safe iff we assert on the type above to ensure
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment