Skip to content

CertificateToString() ignores PEM_write_bio_X509() error #10325

New issue
New issue
Open
Bug
Open
CertificateToString() ignores PEM_write_bio_X509() error#10325
Bug
Labels
area/distributedDistributed monitoring (master, satellites, clients)
@Al2Klimov

Description

@Al2Klimov
Al2Klimov
opened on Jan 24, 2025

Describe the bug

CertificateToString() calls PEM_write_bio_X509() to write a cert as PEM into memory (BIO_new(BIO_s_mem())) and ignores any errors:

  • "Writes to memory BIOs will always succeed if memory is available" (bio_s_mem(3)), so this by itself shouldn'tTM be a problem unless OOM. But even in that enge case, I'd prefer an exception instead of a pseudo-successfully returned truncated result.
  • Also, something could theoretically be wrong with the certificate.

To Reproduce

icinga2/lib/base/tlsutility.cpp

Lines 802 to 805 in fe85bf1

String CertificateToString(X509* cert)
{
BIO *mem = BIO_new(BIO_s_mem());
PEM_write_bio_X509(mem, cert);

Expected behavior

If PEM_write_bio_X509() fails, throw an exception, just like MakeX509CSR().

Additional context

Random finding during:

ref/IP/57407

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    area/distributedDistributed monitoring (master, satellites, clients)

    Type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions