diff options
author | Alex Gaynor <alex.gaynor@gmail.com> | 2015-08-01 16:51:38 -0400 |
---|---|---|
committer | Alex Gaynor <alex.gaynor@gmail.com> | 2015-08-01 16:51:38 -0400 |
commit | 582a0bccf80ad16c1b689aa5bc5bde4b5fcd5be5 (patch) | |
tree | 3a0b8404dc5af90327a86a8256c82cfcd03146de /src | |
parent | 877bdf01d60fb0b56dae31e1b8a2bdad2a9f4fc2 (diff) | |
parent | 1b7500f5f91a9ad07f5f15caf17264753173f8d8 (diff) | |
download | cryptography-582a0bccf80ad16c1b689aa5bc5bde4b5fcd5be5.tar.gz cryptography-582a0bccf80ad16c1b689aa5bc5bde4b5fcd5be5.tar.bz2 cryptography-582a0bccf80ad16c1b689aa5bc5bde4b5fcd5be5.zip |
Merge pull request #2186 from reaperhulk/handle-corrupt-extensions
Handle invalid x509 extension payloads
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 2af465c6..facf318b 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -235,7 +235,13 @@ class _X509ExtensionParser(object): ) else: d2i = backend._lib.X509V3_EXT_d2i(ext) - assert d2i != backend._ffi.NULL + if d2i == backend._ffi.NULL: + backend._consume_errors() + raise ValueError( + "The {0} extension is invalid and can't be " + "parsed".format(oid) + ) + value = handler(backend, d2i) extensions.append(x509.Extension(oid, critical, value)) |