Attached patch fixes a problem with check for IssuerDN in Dogtag
cert search results (found by Coverity; thanks to mbasti for bringing
to my attention).

Cheers,
Fraser
From 6865c3fd0a2be19f247b0dabafc3688587af1b97 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Mon, 27 Jun 2016 16:26:24 +1000
Subject: [PATCH] Fix IssuerDN presence check in cert search result

When checking for presence of IssuerDN in certificate search result,
we mistakenly check for the presence of the SubjectDN field, then
unsafely index into the IssuerDN field.  Check the presence of
IssuerDN correctly.

Part of: https://fedorahosted.org/freeipa/ticket/4559
---
 ipaserver/plugins/dogtag.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ipaserver/plugins/dogtag.py b/ipaserver/plugins/dogtag.py
index 
919ecfeaca6c3ca41040152157e5d275f230704a..aef1e888eb1b6c273c1fd12cbf4912407f8f8132
 100644
--- a/ipaserver/plugins/dogtag.py
+++ b/ipaserver/plugins/dogtag.py
@@ -1903,7 +1903,7 @@ class ra(rabase.rabase):
                 response_request['subject'] = unicode(dn[0].text)
 
             issuer_dn = cert.xpath('IssuerDN')
-            if len(dn) == 1:
+            if len(issuer_dn) == 1:
                 response_request['issuer'] = unicode(issuer_dn[0].text)
 
             status = cert.xpath('Status')
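Review bot: the subject block just above the changed line still uses the generic name `dn` (`response_request['subject'] = unicode(dn[0].text)`), which is what let the wrong variable slip into the IssuerDN guard; consider renaming it to `subject_dn` so the two checks cannot be confused again. The diffstat shows only ipaserver/plugins/dogtag.py changed, so a test feeding a search result that has SubjectDN but no IssuerDN element would help keep the corrected `len(issuer_dn) == 1` guard from regressing.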
-- 
2.5.5
