Skip to content

Don't panic on empty cert list or unsupported format. #231

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Don't panic on empty cert list or unsupported format. #231

wants to merge 1 commit into from

Conversation

@roblabla
Copy link
Contributor

@roblabla roblabla commented Oct 8, 2025

Currently, if the certificate list is missing or contains unsupported cert format, authenticode-rs will panic when calling the certificates function, which is not ideal.

@roblabla roblabla force-pushed the dont-panic-weird-cert branch from 8830ed5 to 8787549 Compare October 9, 2025 11:04
@roblabla
Copy link
Contributor Author

roblabla commented Oct 9, 2025

Fixed the clippy error.

nicholasbishop
nicholasbishop reviewed Oct 13, 2025
View reviewed changes
authenticode/src/signature.rs
Some(cert)
} else {
panic!()
None
Copy link
Collaborator

@nicholasbishop nicholasbishop Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think perhaps we should perhaps change the iterator item type to something like Result<&Certificate, CertificateIterError>. Silently skipping over certificates matching CertificateChoices::Other seems like it could lead to incorrect validation against the certificate chain.

Copy link
Contributor Author

@roblabla roblabla Oct 13, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well if we're going to be changing the signature of the function, we should probably just be returning the CertificateChoice directly in the iterator?

Silently skipping over certificates matching CertificateChoices::Other seems like it could lead to incorrect validation against the certificate chain.

I mean, the worse that can happen is that we fail to validate the chain due to a missing certificate. Which feels fine? And anyways, I'm pretty sure windows skips over certificates it doesn't know how to handle either - though I'll need to double check that (should be as simple as adding an unused Other certificate in the certificate set).

Copy link
Collaborator

@nicholasbishop nicholasbishop Oct 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point about returning CertificateChoice directly, let's do that.

I could be convinced that skipping is the right thing to do if we confirm that Windows does that (and add a note about that behavior in the function's docstring).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nicholasbishop nicholasbishop nicholasbishop left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@roblabla @nicholasbishop