authorPaul Kehrer <paul.l.kehrer@gmail.com>2019-05-18 16:37:54 -0400
committerAlex Gaynor <alex.gaynor@gmail.com>2019-05-18 16:37:54 -0400
commit9a22851fab924fd58482fdad3f8dd23dc3987f91 (patch)
treec44e4933ba0c51d0d6b6e3eac2afcd237eedcbce /tests
parent97af501780534065739a251dc6bafd74b6bf7f19 (diff)
fix aia encoding memory leak (#4889)
* fix aia encoding memory leak * don't return anything from the prealloc func
Diffstat (limited to 'tests')
-rw-r--r--tests/hazmat/backends/test_openssl_memleak.py60
1 files changed, 60 insertions, 0 deletions
diff --git a/tests/hazmat/backends/test_openssl_memleak.py b/tests/hazmat/backends/test_openssl_memleak.py
index f9ae1c46..935ea3df 100644
--- a/tests/hazmat/backends/test_openssl_memleak.py
+++ b/tests/hazmat/backends/test_openssl_memleak.py
@@ -389,3 +389,63 @@ class TestOpenSSLMemoryLeaks(object):
x509.IssuingDistributionPoint
)
"""))
+
+ def test_create_certificate_with_extensions(self):
+ assert_no_memory_leaks(textwrap.dedent("""
+ def func():
+ import datetime
+
+ from cryptography import x509
+ from cryptography.hazmat.backends.openssl import backend
+ from cryptography.hazmat.primitives import hashes
+ from cryptography.hazmat.primitives.asymmetric import ec
+ from cryptography.x509.oid import (
+ AuthorityInformationAccessOID, ExtendedKeyUsageOID, NameOID
+ )
+
+ private_key = ec.generate_private_key(ec.SECP256R1(), backend)
+
+ not_valid_before = datetime.datetime.now()
+ not_valid_after = not_valid_before + datetime.timedelta(days=365)
+
+ aia = x509.AuthorityInformationAccess([
+ x509.AccessDescription(
+ AuthorityInformationAccessOID.OCSP,
+ x509.UniformResourceIdentifier(u"http://ocsp.domain.com")
+ ),
+ x509.AccessDescription(
+ AuthorityInformationAccessOID.CA_ISSUERS,
+ x509.UniformResourceIdentifier(u"http://domain.com/ca.crt")
+ )
+ ])
+ sans = [u'*.example.org', u'foobar.example.net']
+ san = x509.SubjectAlternativeName(list(map(x509.DNSName, sans)))
+
+ ski = x509.SubjectKeyIdentifier.from_public_key(
+ private_key.public_key()
+ )
+ eku = x509.ExtendedKeyUsage([
+ ExtendedKeyUsageOID.CLIENT_AUTH,
+ ExtendedKeyUsageOID.SERVER_AUTH,
+ ExtendedKeyUsageOID.CODE_SIGNING,
+ ])
+
+ builder = x509.CertificateBuilder().serial_number(
+ 777
+ ).issuer_name(x509.Name([
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ ])).subject_name(x509.Name([
+ x509.NameAttribute(NameOID.COUNTRY_NAME, u'US'),
+ ])).public_key(
+ private_key.public_key()
+ ).add_extension(
+ aia, critical=False
+ ).not_valid_before(
+ not_valid_before
+ ).not_valid_after(
+ not_valid_after
+ )
+
+ cert = builder.sign(private_key, hashes.SHA256(), backend)
+ cert.extensions
+ """))
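Review bot: `san`, `ski` and `eku` are built inside `func()` but never handed to the builder; only `aia` reaches `add_extension`, so despite its name `test_create_certificate_with_extensions` checks the leak path for Authority Information Access encoding alone. Either delete the three unused objects and rename the test after AIA, or chain `.add_extension(san, critical=False).add_extension(ski, critical=False).add_extension(eku, critical=False)` so those encoders run under the allocation tracking as well. I would expect the wider version to pass, but I have not verified that those encoders are leak-free. A short comment above the method, such as `# Regression test for the AIA encoding leak fixed in #4889`, would record why the test exists. The method is complete within the hunk, while the enclosing `TestOpenSSLMemoryLeaks` class starts outside it.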