New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: The if's condition checks that err is not nil but returns nil #49135
Comments
cc @FiloSottile |
Comparing marshalBasicConstraints to marshalExtKeyUsage and marshalCertificatePolicies it looks like an error. But I don't think that the error path is reachable, since I don't know how asn1.Marshal should fail. It is more concerning that the function would encode maxPathLen < -1 and parseBasicConstraintsExtension would parse that without raising an error. Certficate.isValid() would not detect a problem because it does only a check if the value is not negative. With a simple test for marshalBasicConstraints I could create following DER value: The encoding is in violation of RFC5280 section 4.2.1.9 which defines basic constraints as:
|
This seems to be a TP and have been fixed in https://cs.opensource.google/go/go/+/6b223e872a255b2722ea921c9d42adcbb5d1d4d5. Now it looks like
This code is not very clean though, since it is equivalent to
|
This issue can be closed now? |
Closing due to inactivity and, more importantly, the fact that the bug in OP is fixed now. |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I had run nilerr which is a static analysis tool. It can find a return statement returning nil when error is not nil as a following.
I had run nilerr for standard packages in Go1.17.2. These output are false positive mostly. But I think crypt/x509 package has a wrong return statement.
What did you expect to see?
The if's condition (in crypto/x509/x509.go) checks that err is not nil but returns nil.
https://cs.opensource.google/go/go/+/master:src/crypto/x509/x509.go;l=1293
Is the return statement in the if block is wrong?
What did you see instead?
I don't know what is correct because I don't catch details of code.
The text was updated successfully, but these errors were encountered: