From 63abbfb8c297c98ff484958fcb152e12d0c46650 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 31 Mar 2023 08:48:11 -0400 Subject: [PATCH] Reject invalid versions in X509Req.set_version --- CHANGELOG.rst | 2 ++ src/OpenSSL/crypto.py | 6 ++++++ tests/test_crypto.py | 2 ++ 3 files changed, 10 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index f21913762..b7e2794d5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -16,6 +16,8 @@ Deprecations: Changes: ^^^^^^^^ +- Invalid versions are now rejected in ``OpenSSL.crypt.X509Req.set_version``. + 23.1.1 (2023-03-28) ------------------- diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py index f5dd312ef..a3d9e9aaa 100644 --- a/src/OpenSSL/crypto.py +++ b/src/OpenSSL/crypto.py @@ -1010,6 +1010,12 @@ def set_version(self, version: int) -> None: :param int version: The version number. :return: ``None`` """ + if not isinstance(version, int): + raise TypeError("version must be an int") + if version != 0: + raise ValueError( + "Invalid version. The only valid version for X509Req is 0." + ) set_result = _lib.X509_REQ_set_version(self._req, version) _openssl_assert(set_result == 1) diff --git a/tests/test_crypto.py b/tests/test_crypto.py index 3212fba41..60db39288 100644 --- a/tests/test_crypto.py +++ b/tests/test_crypto.py @@ -1624,6 +1624,8 @@ def test_version_wrong_args(self): request = X509Req() with pytest.raises(TypeError): request.set_version("foo") + with pytest.raises(ValueError): + request.set_version(2) def test_get_subject(self): """