authorPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-23 19:21:23 -0600
committerPaul Kehrer <paul.l.kehrer@gmail.com>2015-12-23 19:21:47 -0600
commit1f943ab1a6ed391ef9474152e3f5ccb666cce4c9 (patch)
tree6258c6d63048af073edc834a362d746af6c9106c
parent585e8dda186dfc855e045923ab39b5772c2743fd (diff)
add test that fails if CRL references aren't properly retained
If the X509_CRL reference is not properly retained, this test will return an OpenSSL error or potentially crash, because it reads freed memory to obtain the revocation_date and serial_number.
-rw-r--r--tests/test_x509.py19
1 files changed, 19 insertions, 0 deletions
diff --git a/tests/test_x509.py b/tests/test_x509.py
index ae2746e3..034e5601 100644
--- a/tests/test_x509.py
+++ b/tests/test_x509.py
@@ -6,6 +6,7 @@ from __future__ import absolute_import, division, print_function
import binascii
import datetime
+import gc
import ipaddress
import os
@@ -173,6 +174,24 @@ class TestCertificateRevocationList(object):
# Check that len() works for CRLs.
assert len(crl) == 12
+ def test_revoked_cert_retrieval_retain_only_revoked(self, backend):
+ """
+ This test attempts to trigger the crash condition described in
+ https://github.com/pyca/cryptography/issues/2557
+ """
+ crl = _load_cert(
+ os.path.join("x509", "custom", "crl_all_reasons.pem"),
+ x509.load_pem_x509_crl,
+ backend
+ )
+ revoked = crl[11]
+ crl = "overwritten"
+ # force a gc collection to potentially X509_CRL_free if there are
+ # no references to the X509_CRL left.
+ gc.collect()
+ assert revoked.revocation_date == datetime.datetime(2015, 1, 1, 0, 0)
+ assert revoked.serial_number == 11
+
def test_extensions(self, backend):
crl = _load_cert(
os.path.join("x509", "custom", "crl_ian_aia_aki.pem"),
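Review bot: In test_revoked_cert_retrieval_retain_only_revoked, `crl = "overwritten"` releases the CRL only as a side effect of rebinding the name; `del crl` would state the intent directly and leave no dummy string behind. The comment above `gc.collect()` should also record that a read of freed memory is not guaranteed to fail: the freed X509_CRL may still hold the old bytes, so the two asserts can pass even when the reference is not retained. I would extend it with something like `# NOTE: a pass is only conclusive when run under a memory checker; freed memory may still contain the old values.` Whether finalizers run after a single `gc.collect()` on non-refcounting interpreters is not visible from this hunk, so that is worth confirming for any such interpreter in the test matrix.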