Skip to content

Client pki list does not validate submitted request #11567

New issue
New issue
Open
Bug
#11611
Open
Client pki list does not validate submitted request#11567
Bug
#11611
Assignees
FirelightFlagboy
Labels
A-ClientArea: Parsec desktop applicationC-PKICategory: Smartcard or PKI support in ParsecI-RustImpact: Rust-related stuff
@FirelightFlagboy

Description

@FirelightFlagboy
FirelightFlagboy
opened on Nov 5, 2025

The code at

parsec-cloud/libparsec/crates/client/src/client/pki_enrollment_list.rs

Lines 25 to 39 in ffb3342

pub async fn list_enrollments(
cmds: &AuthenticatedCmds,
) -> Result<Vec<PkiEnrollmentListItem>, PkiEnrollmentListError> {
use authenticated_cmds::latest::pki_enrollment_list::{Rep, Req};
let rep = cmds.send(Req).await?;
match rep {
Rep::Ok { enrollments } => Ok(enrollments),
Rep::AuthorNotAllowed => Err(PkiEnrollmentListError::AuthorNotAllowed),
rep @ Rep::UnknownStatus { .. } => {
Err(anyhow::anyhow!("Unexpected server response: {:?}", rep).into())
}
}
}

Only list the value from the server without doing any validation (do we trust the request)

Metadata

Metadata

Assignees

Labels

A-ClientArea: Parsec desktop applicationC-PKICategory: Smartcard or PKI support in ParsecI-RustImpact: Rust-related stuff

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions