Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CertificateToString() ignores PEM_write_bio_X509() error #10325

Open
Al2Klimov opened this issue Jan 24, 2025 · 0 comments
Open

CertificateToString() ignores PEM_write_bio_X509() error #10325

Al2Klimov opened this issue Jan 24, 2025 · 0 comments
Labels
area/distributed Distributed monitoring (master, satellites, clients)

Comments

@Al2Klimov
Copy link
Member

Describe the bug

CertificateToString() calls PEM_write_bio_X509() to write a cert as PEM into memory (BIO_new(BIO_s_mem())) and ignores any errors:

  • "Writes to memory BIOs will always succeed if memory is available" (bio_s_mem(3)), so this by itself shouldn'tTM be a problem unless OOM. But even in that enge case, I'd prefer an exception instead of a pseudo-successfully returned truncated result.
  • Also, something could theoretically be wrong with the certificate.

To Reproduce

icinga2/lib/base/tlsutility.cpp

Lines 802 to 805 in fe85bf1

String CertificateToString(X509* cert)
{
BIO *mem = BIO_new(BIO_s_mem());
PEM_write_bio_X509(mem, cert);

Expected behavior

If PEM_write_bio_X509() fails, throw an exception, just like MakeX509CSR().

Additional context

Random finding during:

ref/IP/57407
@Al2Klimov Al2Klimov added the area/distributed Distributed monitoring (master, satellites, clients) label Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/distributed Distributed monitoring (master, satellites, clients)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Al2Klimov