[Pki-devel] [PATCH] 0016 - Fix BasicConstraints min/max path length check
Fraser Tweedale
ftweedal at redhat.com
Thu Sep 25 06:07:56 UTC 2014
This patch fixes https://fedorahosted.org/pki/ticket/1035
-------------- next part --------------
>From ee503f8fc08243906c130149f41dc8d77442d9c7 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal at redhat.com>
Date: Thu, 25 Sep 2014 01:39:40 -0400
Subject: [PATCH] Fix BasicConstraints min/max path length check
The BasicConstraintsExtConstraint min/max path length validity check
ensures that the max length is greater than the min length, however,
when a negative value is used to represent "no max", the check
fails.
Only compare the min and max length if the max length is
non-negative.
Ticket #1035
---
.../netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
index ca2668f7db305122f330fca058b27801820a75b4..8fbea435825194d7d31ecda5e65414f1081eeb01 100644
--- a/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ b/base/server/cms/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
@@ -211,7 +211,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
int maxLen = getInt(value);
- if (minLen >= maxLen) {
+ if (maxLen >= 0 && minLen >= maxLen) {
CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!");
throw new EPropertyException("bad value");
--
1.9.3
More information about the Pki-devel
mailing list