Description of problem: Possible errors in X509 certificate are not handled properly. # rhui-manager cert upload --cert /root/test_90961.pem Traceback (most recent call last): File "/usr/bin/rhui-manager", line 16, in <module> rhui.tools.launcher.main() File "/usr/lib/python2.6/site-packages/rhui/tools/launcher.py", line 348, in main cli.run(args) File "/usr/lib/python2.6/site-packages/rhui/common/cli.py", line 272, in run command_or_section.execute(remaining_args) File "/usr/lib/python2.6/site-packages/rhui/common/cli.py", line 113, in execute self.method(**arg_dict) File "/usr/lib/python2.6/site-packages/rhui/tools/commands/cert.py", line 52, in upload self.cert_manager.add_certificate(cert_filename) File "/usr/lib/python2.6/site-packages/rhui/tools/cert_manager.py", line 273, in add_certificate entitlements = cert_utils.entitlements_in_cert(cert_filename) File "/usr/lib/python2.6/site-packages/rhui/common/cert_utils.py", line 52, in entitlements_in_cert cert.read(cert_filename) File "/usr/lib/python2.6/site-packages/rhui/common/certificate.py", line 123, in read self.update(content) File "/usr/lib/python2.6/site-packages/rhui/common/certificate.py", line 46, in update x509 = X509.load_cert_string(content) File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 655, in load_cert_string return load_cert_bio(bio, format) File "/usr/lib64/python2.6/site-packages/M2Crypto/X509.py", line 639, in load_cert_bio raise X509Error(Err.get_error()) M2Crypto.X509.X509Error: 140146117134080:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142: 140146117134080:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1307: 140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:660: 140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:712: 140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=issuer, Type=X509_CINF 140146117134080:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=cert_info, Type=X509 140146117134080:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83: Version-Release number of selected component (if applicable): rh-rhui-tools-2.1.13-1.el6_3.noarch How reproducible: 100% Steps to Reproduce: 1. Install RHUI 2. Get broken entitlement certificate (sed -i 's,a,b,' /path/to/cert, for example) 3. Try to upload this cert to RHUI Actual results: Python trace Expected results: Error message like 'Provided content cert is broken' Additional info:
The traceback is no longer shown on the command line, and I added the follow message to the output for this error: "The given certificate appears malformed. See the log file for more information." cloude commit: 93e031fba753c09bf8e306e268b45bbd53fa3357
[root@rhua ~]# rpm -q rh-rhui-tools rh-rhui-tools-2.1.15-1.el6_3.noarch [root@rhua ~]# mkdir -p `dirname /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem` && echo SUCCESS SUCCESS [root@rhua ~]# cat /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem | sed 's,a,b,' > /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem.broken && echo SUCCESS SUCCESS [root@rhua ~]# rhui-manager cert upload --cert /var/lib/rhui-testing-tools/8a85f98135a68e6b0135a692ab84073a.pem.broken The given certificate appears malformed. See the log file for more information. An unexpected error has occurred during the last operation. 140408666932992:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142: 140408666932992:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1307: 140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:660: 140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:712: 140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=issuer, Type=X509_CINF 140408666932992:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:752:Field=cert_info, Type=X509 140408666932992:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0571.html