Correct c-struct 'null' checks, fix failing tests due to expired certs, improve openssl error handling #74
+276
−81
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'-a stderr -a stdout' is unneeded since that's the default, and '-i' already does '-a stdin' so that was redundant. Setting the entrypoint to empty string was also really weird!
Some of the testcerts expired in 2017, so tests started failing! This regenerates them with fairly similar certificates. The script used to generate them is included for regeneration. Test changes, to use these new certs, follow in the next commit.
This replaces hardcoded certificates with loading them from disk for the tests. This allows swapping around certs much more easily. This also swaps out all expired certs so tests pass again.
In luajit, a null pointer is distinct from nil, and thus "truthy". That is to say, `if not c_ffi_struct` will never evaluate to true, even if the struct is null. However, a null ffi struct does compare equal to nil, so the new comparison corrects this issue. This fixes numerous bugs in this library, including multiple cases of uninitialized data being passed into functions leading to null pointer dereferences, buffer overflows, and more.
Openssl maintains an error queue. A given function may add multiple errors to that queue, and only printing the last one is worse than printing the whole thing. In fact, as it was implemented before, the output was not consistent; e.g. the same error could produce different messages.
The null check issue would result in totally invalid pubkeys not bailing out the whole thing. This adds a test which failed prior to the null struct fix.
euank
force-pushed
the
null-nil-not-noo
branch
from
79ad19d to
495a8d7
Compare
ghost
mentioned this pull request
Closed
|
Ope, just now seeing this! Adding this to my new fork at https://github.com/cdbattags/lua-resty-jwt. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR does a lot because, well, to make the tests not fail due to frankdd certs that expired in late 2017, a lot of stuff was required.
The main point of this PR, however, is the "Correct c-struct 'null' checks" commit.
The use of
if not c_structto check whether something was null didn't work, and so it was fairly easy to end up with memory unsafe behaviour when anything other than the completely happy path was hit in the openssl integration.cc @SkyLothar