Add self-test of off-by-one size error.

2 files changed, 106 insertions, 1 deletions

diff --git a/tests/Makefile.am b/tests/Makefile.am
index 9f9bf9e187..78d565e999 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -57,7 +57,7 @@ ctests = simple gc set_pkcs12_cred certder mpi				\
 	certificate_set_x509_crl dn parse_ca moredn crypto_rng mini	\
 	finished hostname-check cve-2008-4989 pkcs12_s2k chainverify	\
 	crq_key_id x509sign-verify cve-2009-1415 cve-2009-1416		\
-	crq_apis init_roundtrip pkcs12_s2k_pem
+	crq_apis init_roundtrip pkcs12_s2k_pem dn2
 
 if ENABLE_OPENSSL
 ctests +=  openssl
diff --git a/tests/dn2.c b/tests/dn2.c
new file mode 100644
index 0000000000..83bd13243d
--- /dev/null
+++ b/tests/dn2.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ * Author: Simon Josefsson
+ *
+ * This file is part of GNUTLS.
+ *
+ * GNUTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GNUTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNUTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <stdio.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include "utils.h"
+
+static char pem[] =
+  "-----BEGIN CERTIFICATE-----\n"
+  "MIIFpzCCBI+gAwIBAgIQSOyh48ZYvgTFR8HspnpkMzANBgkqhkiG9w0BAQUFADCB\n"
+  "vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
+  "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug\n"
+  "YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv\n"
+  "VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew\n"
+  "HhcNMDgxMTEzMDAwMDAwWhcNMDkxMTEzMjM1OTU5WjCB6zETMBEGCysGAQQBgjc8\n"
+  "AgEDEwJERTEZMBcGCysGAQQBgjc8AgEBFAhNdWVuY2hlbjEbMBkGA1UEDxMSVjEu\n"
+  "MCwgQ2xhdXNlIDUuKGIpMRMwEQYDVQQFEwpIUkIgMTQ0MjYxMQswCQYDVQQGEwJE\n"
+  "RTEOMAwGA1UEERQFODA4MDcxEDAOBgNVBAgTB0JhdmFyaWExETAPBgNVBAcUCE11\n"
+  "ZW5jaGVuMR0wGwYDVQQJFBRGcmFua2Z1cnRlciBSaW5nIDEyOTERMA8GA1UEChQI\n"
+  "R01YIEdtYkgxEzARBgNVBAMUCnd3dy5nbXguZGUwgZ8wDQYJKoZIhvcNAQEBBQAD\n"
+  "gY0AMIGJAoGBAN/ZbLu17YtZo2OGnOfQDwhQlCvks2c+5nJDXjnCHI/ykSGlPH4G\n"
+  "5qc7/TScNV1/g0bUTRCA11+aVkvf6haRZfgwbxpY1iySNv8eOlm52QAfh3diJQ9N\n"
+  "5LxQblLHMRxXSFCJThl4BYAt70YdNMT9mVD21xx6ae+m3xEuco31aV7ZAgMBAAGj\n"
+  "ggH0MIIB8DAJBgNVHRMEAjAAMB0GA1UdDgQWBBTW4UAZN3wEg5TRWaoM1angbgOX\n"
+  "tjALBgNVHQ8EBAMCBaAwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXBjAqMCgGCCsG\n"
+  "AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMD4GA1UdHwQ3MDUw\n"
+  "M6AxoC+GLWh0dHA6Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVkludGwyMDA2\n"
+  "LmNybDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG+EIEATAf\n"
+  "BgNVHSMEGDAWgBROQ8gddu83U3pP8lhvlPM44tW93zB2BggrBgEFBQcBAQRqMGgw\n"
+  "KwYIKwYBBQUHMAGGH2h0dHA6Ly9FVkludGwtb2NzcC52ZXJpc2lnbi5jb20wOQYI\n"
+  "KwYBBQUHMAKGLWh0dHA6Ly9FVkludGwtYWlhLnZlcmlzaWduLmNvbS9FVkludGwy\n"
+  "MDA2LmNlcjBuBggrBgEFBQcBDARiMGChXqBcMFowWDBWFglpbWFnZS9naWYwITAf\n"
+  "MAcGBSsOAwIaBBRLa7kolgYMu9BSOJsprEsHiyEFGDAmFiRodHRwOi8vbG9nby52\n"
+  "ZXJpc2lnbi5jb20vdnNsb2dvMS5naWYwDQYJKoZIhvcNAQEFBQADggEBAKpNJQYO\n"
+  "JTp34I24kvRF01WpOWOmfBx4K1gqruda/7U0UZqgTgBJVvwraKf6WeTZpHRqDCTw\n"
+  "iwySv7jil+gLMT0qIZxL1pII90z71tz08h8xYi1MOLeciG87O9C5pteL/iEtiMxB\n"
+  "96B6WWBo9mzgwSM1d8LDhrarZ7uQhm+kBAMyEXhmDnCPWhvExvxJzjEmOlxjThyP\n"
+  "2yvIgfLyDfplRe+jUbsY7YNe08eEyoLRq1jwPuRWTaEx2gA7C6pq45747/HkJrtF\n"
+  "ya3ULM/AJv6Nj6pobxzQ5rEkUGEwKavu7GMjLrSMnHrbVCiQrn1v6c7B9nSPA31L\n"
+  "/do1TDFI0vSl5+M=\n"
+  "-----END CERTIFICATE-----\n";
+
+static const char *info = "subject `1.3.6.1.4.1.311.60.2.1.3=#13024445,1.3.6.1.4.1.311.60.2.1.1=#14084d75656e6368656e,2.5.4.15=#131256312e302c20436c6175736520352e286229,serialNumber=HRB 144261,C=DE,2.5.4.17=#14053830383037,ST=Bavaria,L=Muenchen,STREET=Frankfurter Ring 129,O=GMX GmbH,CN=www.gmx.de', issuer `C=US,O=VeriSign\\, Inc.,OU=VeriSign Trust Network,OU=Terms of use at https://www.verisign.com/rpa (c)06,CN=VeriSign Class 3 Extended Validation SSL SGC CA', RSA key 1024 bits, signed using RSA-SHA, activated `2008-11-13 00:00:00 UTC', expires `2009-11-13 23:59:59 UTC', SHA-1 fingerprint `7ece297c45d5b17685224b4e929a30e91a9553cb'";
+
+void
+doit (void)
+{
+  gnutls_datum_t der = { pem, sizeof (pem) };
+  gnutls_x509_crt_t cert;
+  gnutls_datum_t out;
+  int ret;
+
+  ret = gnutls_global_init ();
+  if (ret < 0)
+    fail ("init %d\n", ret);
+
+  ret = gnutls_x509_crt_init (&cert);
+  if (ret < 0)
+    fail ("crt_init %d\n", ret);
+
+  ret = gnutls_x509_crt_import (cert, &der, GNUTLS_X509_FMT_PEM);
+  if (ret < 0)
+    fail ("crt_import %d\n", ret);
+
+  ret = gnutls_x509_crt_print (cert, GNUTLS_CRT_PRINT_ONELINE, &out);
+  if (ret < 0)
+    fail ("x509_crt_print %d\n", ret);
+
+  if (out.size == strlen (info) && strcmp (out.data, info) == 0)
+    success ("comparison ok\n");
+  else
+    fail ("comparison fail (%d/%d)\nexpect: %s\n   got: %.*s\n",
+	  out.size, strlen (info),
+	  info,
+	  out.size, out.data);
+
+  gnutls_x509_crt_deinit (cert);
+  gnutls_global_deinit ();
+
+  success ("done\n");
+}