From a08693f3a71a6537da9cfa7d9dda7781aef2bcdd Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 1 Aug 2015 20:45:21 +0100 Subject: check if the extension decoded to internal openssl repr ...and if not, raise an error (plus consume the error stack) --- src/cryptography/hazmat/backends/openssl/x509.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 63e4a177..1c0c3acf 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -235,7 +235,12 @@ class _X509ExtensionParser(object): ) else: d2i = backend._lib.X509V3_EXT_d2i(ext) - assert d2i != backend._ffi.NULL + if d2i == backend._ffi.NULL: + backend._consume_errors() + raise ValueError( + "The {0} extension appears to be corrupt".format(oid) + ) + value = handler(backend, d2i) extensions.append(x509.Extension(oid, critical, value)) -- cgit v1.2.3 From 1b7500f5f91a9ad07f5f15caf17264753173f8d8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 1 Aug 2015 20:56:27 +0100 Subject: corrupt -> invalid --- src/cryptography/hazmat/backends/openssl/x509.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 1c0c3acf..2572cc41 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -238,7 +238,8 @@ class _X509ExtensionParser(object): if d2i == backend._ffi.NULL: backend._consume_errors() raise ValueError( - "The {0} extension appears to be corrupt".format(oid) + "The {0} extension is invalid and can't be " + "parsed".format(oid) ) value = handler(backend, d2i) -- cgit v1.2.3