diff options
author | Sumit Bose <sbose@redhat.com> | 2017-09-06 12:20:25 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-09-14 16:57:04 +0200 |
commit | f5a8cd60c6f377af1954b58f007d16cf3f6dc846 (patch) | |
tree | 526a4f23b9965f40b50e43e4d632287df6f6dc11 /src/tests | |
parent | c20a9efbf5da0587fbb6a855a2d366ce19f1abe1 (diff) | |
download | sssd-f5a8cd60c6f377af1954b58f007d16cf3f6dc846.tar.gz sssd-f5a8cd60c6f377af1954b58f007d16cf3f6dc846.tar.xz sssd-f5a8cd60c6f377af1954b58f007d16cf3f6dc846.zip |
certmap: make sure eku_oid_list is always allocated
If there are only OIDs in a <EKU> part of a matching rule a NULL pointer
dereference might occur.
Related to https://pagure.io/SSSD/sssd/issue/3508
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/tests')
-rw-r--r-- | src/tests/cmocka/test_certmap.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_certmap.c b/src/tests/cmocka/test_certmap.c index f1e73875b..6ab310326 100644 --- a/src/tests/cmocka/test_certmap.c +++ b/src/tests/cmocka/test_certmap.c @@ -449,6 +449,23 @@ static void test_sss_certmap_add_matching_rule(void **state) assert_null( ctx->prio_list->rule_list->parsed_match_rule->eku->eku_oid_list[3]); + ret = sss_certmap_add_rule(ctx, 96, + "KRB5:<EKU>1.2.3", + NULL, NULL); + assert_int_equal(ret, 0); + assert_non_null(ctx->prio_list); + assert_non_null(ctx->prio_list->rule_list); + assert_non_null(ctx->prio_list->rule_list->parsed_match_rule); + assert_int_equal(ctx->prio_list->rule_list->parsed_match_rule->r, + relation_and); + assert_non_null(ctx->prio_list->rule_list->parsed_match_rule->eku); + assert_true(string_in_list("1.2.3", + discard_const( + ctx->prio_list->rule_list->parsed_match_rule->eku->eku_oid_list), + true)); + assert_null( + ctx->prio_list->rule_list->parsed_match_rule->eku->eku_oid_list[1]); + /* SAN tests */ ret = sss_certmap_add_rule(ctx, 89, "KRB5:<SAN>abc", NULL, NULL); assert_int_equal(ret, 0); |