This validator checks for any attribute certificate it can find for validated
end entity certificates and tries to extract group membership information
used for connection authorization rules.
We still try to calculate these directly as it can avoid a dependency on
the pkcs1 or other plugins. But for e.g. PGPv3 keys we need to delegate the
actual fingerprint calculation to the pgp plugin.
The Blowfish and Twofish implementations provided by the gcrypt plugin
only support specific key lengths, which we don't know when testing
against vectors (either during unit tests or during algorithm
registration). The on_create test with a specific key length will be
skipped anyway, so there is no point in treating this failure differently.
Previously, the {ns}.crypto_test.on_add option had to be enabled to
actually test the algorithms, which we can't enforce for the tests in
the test_runner as the option is already read when the crypto factory
is initialized. Even so, we wouldn't want to do this for every unit
test, which would be the result of enabling that option.
Because GCC does not adhere to the priorities defined for constructors
when building with --enable-monolithic (not sure if it was just luck
that it worked in non-monolithic mode - anyway, it's not very portable)
function registration would fail because the hashtable would not be
created yet.
Clang does not initialize padding in union members so hashing the
complete "arg" union could lead to different hashes if the hashed
plugin_feature_t does not have static storage duration.
Fixes#549.
A valgrind analysis of libstrongswan revealed an invalid read of 1 in
the function starts_with(). A more thorough analysis proved this to be
true and showed that with a specially crafted config file (e.g. a single
'#'-character not followed by a newline), the parser might even
interpret the random memory contents following the allocated buffer as
part of the configuration file.
The way the parser is designed, it must be able to skip an inserted
'\0' and continue parsing. Since it is not able to skip two '\0'
characters, the 'fix' of allocating two more bytes than the size of the
parsed file and setting them to '\0' seems to be a safe bet.
Signed-off-by: Thomas Egerer <thomas.egerer@secunet.com>
dirname(3) may return a pointer to a statically allocated buffer.
So freeing the returned value can result to undefined behavior. This was
noticed on FreeBSD where it caused very strange crashes.
It is also not thread-safe, which will be addressed later.
Martin Willi