diff options
author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-01 20:45:21 +0100 |
---|---|---|
committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2015-08-01 20:45:21 +0100 |
commit | a08693f3a71a6537da9cfa7d9dda7781aef2bcdd (patch) | |
tree | 0c54f65a4f9008381f8187e2c2649c82d7ee5485 /src | |
parent | 0f984369c0f58f0d5db5cb1a6927b550afc89027 (diff) | |
download | cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.tar.gz cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.tar.bz2 cryptography-a08693f3a71a6537da9cfa7d9dda7781aef2bcdd.zip |
check if the extension decoded to internal openssl repr
...and if not, raise an error (plus consume the error stack)
Diffstat (limited to 'src')
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/x509.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cryptography/hazmat/backends/openssl/x509.py b/src/cryptography/hazmat/backends/openssl/x509.py index 63e4a177..1c0c3acf 100644 --- a/src/cryptography/hazmat/backends/openssl/x509.py +++ b/src/cryptography/hazmat/backends/openssl/x509.py @@ -235,7 +235,12 @@ class _X509ExtensionParser(object): ) else: d2i = backend._lib.X509V3_EXT_d2i(ext) - assert d2i != backend._ffi.NULL + if d2i == backend._ffi.NULL: + backend._consume_errors() + raise ValueError( + "The {0} extension appears to be corrupt".format(oid) + ) + value = handler(backend, d2i) extensions.append(x509.Extension(oid, critical, value)) |