[Pki-devel] [PATCH] 0016 - Fix BasicConstraints min/max path length check

Fraser Tweedale ftweedal at redhat.com
Thu Nov 20 06:58:46 UTC 2014


Ping.  Who wants to review this :)

On Thu, Sep 25, 2014 at 04:07:56PM +1000, Fraser Tweedale wrote:
> This patch fixes https://fedorahosted.org/pki/ticket/1035

> >From ee503f8fc08243906c130149f41dc8d77442d9c7 Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale <ftweedal at redhat.com>
> Date: Thu, 25 Sep 2014 01:39:40 -0400
> Subject: [PATCH] Fix BasicConstraints min/max path length check
> 
> The BasicConstraintsExtConstraint min/max path length validity check
> ensures that the max length is greater than the min length, however,
> when a negative value is used to represent "no max", the check
> fails.
> 
> Only compare the min and max length if the max length is
> non-negative.
> 
> Ticket #1035
> ---
>  .../netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java  | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
> index ca2668f7db305122f330fca058b27801820a75b4..8fbea435825194d7d31ecda5e65414f1081eeb01 100644
> --- a/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
> +++ b/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
> @@ -211,7 +211,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
>  
>                  int maxLen = getInt(value);
>  
> -                if (minLen >= maxLen) {
> +                if (maxLen >= 0 && minLen >= maxLen) {
>                      CMS.debug("BasicConstraintExt:  minPathLen >= maxPathLen!");
>  
>                      throw new EPropertyException("bad value");
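Review bot: The new `maxLen >= 0` guard in the changed condition depends on a negative value meaning "no max", but nothing in the code states that. Add a short comment above the `if`, or a named constant for the sentinel, so the guard is not later mistaken for an incomplete bounds check. With this condition every negative maxLen skips the comparison, so a mistyped negative value is silently accepted as unlimited; if a single sentinel value is intended, test for that value explicitly and reject other negatives. Separately, the context line `throw new EPropertyException("bad value")` names neither the property nor the offending min/max values, which makes a rejected profile configuration hard to diagnose; including both values in the message would help.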
> -- 
> 1.9.3
> 
