Skip to content

GitLab

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

gnutls
GnuTLS
Merge requests
!1134

Gnutls no longer accepts certificates whose notbefore field is a non-digits string

Review changes
Download
Patches
Plain diff

llqll requested to merge llqll/gnutls:issue-870 into master Dec 17, 2019

Overview 10
Commits 4
Pipelines 4
Changes 4

issues #870 (closed) describes gnutls accepting a certificate whose notbefore field is a non-digits string. According to RFC5280, gnutls should reject such certificates. the time in the certificate must be a string of numbers.

To solve the issue，add a check for the value of the notbefore or notafter field in the function _gnutls_utcTime2gtime. check whether the value of the notbefore or notafter field contains non-digits characters, and reject certificates whose notbefore or notafter include non-digits characters.

We also add file tests/cert-tests/cert-non-digits-time. This file is used to check if gnutls accepts a certificate whose time field is a non-digits string. this issue was found by our semantic differential fuzzer.

Resolves: #870 (closed)

Checklist

Commits have Signed-off-by: with name/author being identical to the commit author
Code modified for feature
Test suite updated with functionality tests
Test suite updated with negative tests
Documentation updated / NEWS entry present (for non-trivial changes)
CI timeout is 2h or higher (see Settings/CICD/General pipelines/Timeout)

Reviewer's checklist:

Any issues marked for closing are addressed
There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Dec 18, 2019 by llqll

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking