check if the extension decoded to internal openssl repr

...and if not, raise an error (plus consume the error stack)
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-08-01 20:45:21 +0100
committer: Paul Kehrer <paul.l.kehrer@gmail.com> 2015-08-01 20:45:21 +0100
commit: a08693f3a71a6537da9cfa7d9dda7781aef2bcdd (patch)
tree: 0c54f65a4f9008381f8187e2c2649c82d7ee5485 /src
parent: 0f984369c0f58f0d5db5cb1a6927b550afc89027 (diff)
download: cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.tar.gz
cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.tar.bz2
cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py
index 63e4a177..1c0c3acf 100644
--- a/src/cryptography/hazmat/backends/openssl/x509.py
+++ b/src/cryptography/hazmat/backends/openssl/x509.py
@@ -235,7 +235,12 @@ class _X509ExtensionParser(object):
                     )
             else:
                 d2i = backend._lib.X509V3_EXT_d2i(ext)
-                assert d2i != backend._ffi.NULL
+                if d2i == backend._ffi.NULL:
+                    backend._consume_errors()
+                    raise ValueError(
+                        "The {0} extension appears to be corrupt".format(oid)
+                    )
+
                 value = handler(backend, d2i)
                 extensions.append(x509.Extension(oid, critical, value))
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-08-01 20:45:21 +0100
committer	Paul Kehrer <paul.l.kehrer@gmail.com>	2015-08-01 20:45:21 +0100
commit	a08693f3a71a6537da9cfa7d9dda7781aef2bcdd (patch)
tree	0c54f65a4f9008381f8187e2c2649c82d7ee5485 /src
parent	0f984369c0f58f0d5db5cb1a6927b550afc89027 (diff)
download	cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.tar.gz cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.tar.bz2 cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.zip