From 64bbe21209b82b631f7fe09bf21af7c628327ada Mon Sep 17 00:00:00 2001
From: Serge Tupchii
Date: Wed, 14 Jun 2023 18:52:55 +0300
Subject: [PATCH] fix(emqx_schema): use non negative integer type for 'depth' SSL option
Closes: EMQX-10276
---
 apps/emqx/src/emqx_schema.erl | 2 +-
 apps/emqx/test/emqx_schema_tests.erl | 8 ++++++++
 changes/ce/fix-11051.en.md | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 changes/ce/fix-11051.en.md
diff --git a/apps/emqx/src/emqx_schema.erl b/apps/emqx/src/emqx_schema.erl
index 70dcaf840..67834839d 100644
--- a/apps/emqx/src/emqx_schema.erl
+++ b/apps/emqx/src/emqx_schema.erl
@@ -2044,7 +2044,7 @@ common_ssl_opts_schema(Defaults, Type) ->
 )},
 {"depth",
 sc(
- integer(),
+ non_neg_integer(),
 #{
 default => Df("depth", 10),
 desc => ?DESC(common_ssl_opts_schema_depth)
diff --git a/apps/emqx/test/emqx_schema_tests.erl b/apps/emqx/test/emqx_schema_tests.erl
index a6e72cd27..446c9e586 100644
--- a/apps/emqx/test/emqx_schema_tests.erl
+++ b/apps/emqx/test/emqx_schema_tests.erl
@@ -106,6 +106,14 @@ ssl_opts_version_gap_test_() ->
 || S <- [Sc, RanchSc]
 ].
 
+ssl_opts_cert_depth_test() ->
+ Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
+ Reason = #{expected_type => "non_neg_integer()"},
+ ?assertThrow(
+ {_Sc, [#{kind := validation_error, reason := Reason}]},
+ validate(Sc, #{<<"depth">> => -1})
+ ).
+
 bad_cipher_test() ->
 Sc = emqx_schema:server_ssl_opts_schema(#{}, false),
 Reason = {bad_ciphers, ["foo"]},
diff --git a/changes/ce/fix-11051.en.md b/changes/ce/fix-11051.en.md
new file mode 100644
index 000000000..d782be226
--- /dev/null
+++ b/changes/ce/fix-11051.en.md
@@ -0,0 +1 @@
+Add validation to ensure that certificate 'depth' (listener SSL option) is a non negative integer.
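Review bot: `non_neg_integer()` on the `depth` field of `common_ssl_opts_schema/2` still accepts any arbitrarily large value, so a mistyped setting passes validation and in practice removes the limit on certificate chain length during peer verification. If the schema library offers a bounded integer type, consider giving the field an explicit ceiling; either way, a comment above the field such as `%% 0 is valid; negative values are rejected at config load` would record why the type is not a plain integer. The text behind `?DESC(common_ssl_opts_schema_depth)` is not in this hunk, so whether it states the accepted range could not be checked. The function starts before and continues after the hunk.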
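Review bot: `ssl_opts_cert_depth_test/0` only checks that `-1` is rejected by the server schema, so the boundary value the new type is meant to allow is never exercised, and the second schema the preceding test iterates over (`[Sc, RanchSc]`) is not covered. Assuming `validate/2` returns normally on valid input, add an accepting case such as `_ = validate(Sc, #{<<"depth">> => 0}),` before the `?assertThrow`, and run the rejecting assertion over both schemas as the neighbouring test does. How `RanchSc` is built lies outside this hunk, so its construction should be taken from that test.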