fix bug in the email address checking in the smime package to allow m…
…ultiple email address subject fields, but disallow multiple values in a single email address field

fixes a comment on zmap#753
cardonator committed Jan 30, 2024
1 parent 5501b4f commit dca4c0c
Showing 3 changed files with 63 additions and 10 deletions.
22 changes: 13 additions & 9 deletions v3/lints/cabf_smime_br/lint_single_email_if_present.go
@@ -16,6 +16,7 @@ package cabf_smime_br

import (
"fmt"
"net/mail"

"github.com/zmap/zcrypto/x509"
"github.com/zmap/zlint/v3/lint"
@@ -46,15 +47,18 @@ func (l *singleEmailIfPresent) CheckApplies(c *x509.Certificate) bool {
}

func (l *singleEmailIfPresent) Execute(c *x509.Certificate) *lint.LintResult {
if len(c.EmailAddresses) == 1 {
return &lint.LintResult{
Status: lint.Pass,
}
} else {
return &lint.LintResult{
Status: lint.Error,
Details: fmt.Sprintf("subject:emailAddress was present and contained %d names (%s)", len(c.EmailAddresses), c.EmailAddresses),
LintMetadata: lint.LintMetadata{},
for _, email := range c.EmailAddresses {
_, err := mail.ParseAddress(email)
if err != nil {
return &lint.LintResult{
Status: lint.Error,
Details: fmt.Sprintf("subject:emailAddress was present and contained an invalid email address (%s)", email),
LintMetadata: lint.LintMetadata{},
}
}
}

return &lint.LintResult{
Status: lint.Pass,
}
}
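Review bot: `mail.ParseAddress` in the new loop of Execute accepts more than a bare mailbox, so a constructed value such as `Test <test@example.com>` (display name plus angle-bracketed address) parses without error and the lint returns Pass. The commit message states the intent is to disallow multiple values in a single field, so the parsed result should be compared with the input, e.g. `addr, err := mail.ParseAddress(email)` followed by `if err != nil || addr.Address != email {`. Whether quoted local-parts survive that comparison unchanged should be confirmed before relying on it. The Details string still says subject:emailAddress while the loop reads `c.EmailAddresses`; if that slice is populated from the subjectAltName, as the fixture added in this commit suggests, the message should name the field actually checked.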
7 changes: 6 additions & 1 deletion v3/lints/cabf_smime_br/lint_single_email_if_present_test.go
@@ -24,8 +24,13 @@ func TestSingleEmailIfPresent(t *testing.T) {
ExpectedResult: lint.NA,
},
{
Name: "Error - cert with multiple email addresses",
Name: "Pass - cert with multiple email addresses",
InputFilename: "smime/multiple_email_present.pem",
ExpectedResult: lint.Pass,
},
{
Name: "Error - email address present with mutliple values",
InputFilename: "smime/email_with_multiple_values.pem",
ExpectedResult: lint.Error,
},
}
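Review bot: The table entries in this hunk cover only a space-separated pair inside one field; no case exercises a value that is syntactically a single RFC 5322 address but not a bare mailbox, such as a display name followed by an angle-bracketed address, so the boundary of what the lint accepts is not pinned by a test. Adding an Error case with such a fixture would document the intended behaviour. The new case name also misspells a word and should read `Name: "Error - email address present with multiple values",`. TestSingleEmailIfPresent starts and ends outside the hunk.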
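--- /dev/null
+++ b/v3/testdata/smime/email_with_multiple_values.pem
@@ -0,0 +1,44 @@
+Certificate:
+Data:
+Version: 3 (0x2)
+Serial Number: 3 (0x3)
+Signature Algorithm: ecdsa-with-SHA256
+Issuer:
+Validity
+Not Before: Sep 30 00:00:00 2023 GMT
+Not After : Nov 30 00:00:00 9998 GMT
+Subject:
+Subject Public Key Info:
+Public Key Algorithm: id-ecPublicKey
+Public-Key: (256 bit)
+pub:
+04:b1:40:22:c1:13:22:0c:f6:64:60:55:a0:3c:7d:
+3f:e5:81:49:00:bd:36:9f:ef:d6:29:c6:eb:28:e5:
+d7:25:98:9b:f5:a5:e4:b3:95:0f:f6:af:bf:f5:b1:
+32:39:3c:5e:6b:bc:0e:2d:cf:ea:39:55:50:25:55:
+74:bd:e8:5e:f5
+ASN1 OID: prime256v1
+NIST CURVE: P-256
+X509v3 extensions:
+X509v3 Extended Key Usage:
+E-mail Protection
+X509v3 Subject Alternative Name:
+email:[email protected] [email protected], email:[email protected]
+X509v3 Certificate Policies:
+Policy: 2.23.140.1.5.1.1
+Signature Algorithm: ecdsa-with-SHA256
+Signature Value:
+30:44:02:20:0a:ad:0d:13:2f:8d:f2:ea:66:17:2d:d2:6a:63:
+ff:4b:3f:01:0a:32:00:74:ce:cd:ea:e2:9f:0d:21:14:55:64:
+02:20:6c:6a:fb:1b:64:88:d8:67:fe:39:a9:e7:77:29:a6:a3:
+77:a5:34:8f:60:1a:85:e6:db:18:5b:e7:00:41:30:fb
+-----BEGIN CERTIFICATE-----
+MIIBYzCCAQqgAwIBAgIBAzAKBggqhkjOPQQDAjAAMCAXDTIzMDkzMDAwMDAwMFoY
+Dzk5OTgxMTMwMDAwMDAwWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsUAi
+wRMiDPZkYFWgPH0/5YFJAL02n+/WKcbrKOXXJZib9aXks5UP9q+/9bEyOTxea7wO
+Lc/qOVVQJVV0vehe9aNzMHEwEwYDVR0lBAwwCgYIKwYBBQUHAwQwRAYDVR0RBD0w
+O4EldGVzdCsxQGV4YW1wbGUuY29tIHRlc3QrMkBleGFtcGxlLmNvbYESdGVzdCsz
+QGV4YW1wbGUuY29tMBQGA1UdIAQNMAswCQYHZ4EMAQUBATAKBggqhkjOPQQDAgNH
+ADBEAiAKrQ0TL43y6mYXLdJqY/9LPwEKMgB0zs3q4p8NIRRVZAIgbGr7G2SI2Gf+
+Oanndymmo3elNI9gGoXm2xhb5wBBMPs=
+-----END CERTIFICATE-----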
