pki cert-find returns results when junk value is passed with --maxSerialNumber

[pki-bot]

This issue was migrated from Pagure Issue #3150. Originally filed by cipherboy (@cipherboy) on 2020-03-16 09:33:26:

• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1225321

---

Description of problem:

pki cert-find returns results when junk value is passed with --maxSerialNumber

pki -h pki2.example.org -p 30044 cert-find --maxSerialNumber "ABx4iMAtll7wex01lDym8sqqIOi8ZwgrJIqkoVes/FIHe84dgr1N3nRXTMh6pWkP0vM="

----------------
34 entries found
----------------
  Serial Number: 0x1
  Subject DN: CN=PKI ROOTCA Signing Cert,O=redhat
  Status: VALID
  Type: X.509 version 3
  Key Algorithm: PKCS 1 RSA with 2048-bit key
  Not Valid Before: Tue May 26 15:22:06 IST 2015
  Not Valid After: Sat May 26 15:22:06 IST 2035
  Issued On: Tue May 26 15:22:06 IST 2015
  Issued By: system

  Serial Number: 0x2
  Subject DN: CN=PKI ROOTCA OCSP Signing Certificate,O=Redhat
  Status: VALID
  Type: X.509 version 3
  Key Algorithm: PKCS 1 RSA with 2048-bit key
  Not Valid Before: Tue May 26 15:22:10 IST 2015
  Not Valid After: Mon May 15 15:22:10 IST 2017
  Issued On: Tue May 26 15:22:10 IST 2015
  Issued By: system

  Serial Number: 0x3
  Subject DN: CN=pki2.example.org,O=Redhat
  Status: VALID
  Type: X.509 version 3
  Key Algorithm: PKCS 1 RSA with 2048-bit key
  Not Valid Before: Tue May 26 15:22:10 IST 2015
  Not Valid After: Mon May 15 15:22:10 IST 2017
  Issued On: Tue May 26 15:22:10 IST 2015
  Issued By: system

Version-Release number of selected component (if applicable): pki-ca-10.2.3-2.el7.noarch pki-tools-10.2.3-2.el7.x86_64

Steps to reproduce 1.Install and configure CA subsystem 2.issue pki -h <host> -p <port> cert-find --maxSerialNumber "junkvalue"

Actual results:

Returns certs when random data is passed to cert-find --maxSerialNumber

Expected results:

No results should be returned

Additional info:

[pki-bot]

Comment from cipherboy (@cipherboy) at 2020-03-16 09:33:36

https://bugzilla.redhat.com/show_bug.cgi?id=1225321

[pki-bot]

Comment from cipherboy (@cipherboy) at 2020-03-16 09:33:37

Metadata Update from @cipherboy:

• Custom field component adjusted to None
• Custom field feature adjusted to None
• Custom field origin adjusted to None
• Custom field proposedmilestone adjusted to None
• Custom field proposedpriority adjusted to None
• Custom field reviewer adjusted to None
• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1225321
• Custom field type adjusted to None
• Custom field version adjusted to None