From b3514eb22f0c1cb7f36dfcffe06303f22fbbadd5 Mon Sep 17 00:00:00 2001
From: Steven Clark <steven.clark@hashicorp.com>
Date: Thu, 17 Nov 2022 15:04:37 -0500
Subject: [PATCH] certutil.ParseHexFormatted fails parsing 80 hex and above
 (#18018)

- Switch to using ParseUint of 8 bits to parse the hex values properly
   as ParseInt limited to 8 bits will only handle values up to 127
   decimal or 7F.
---
 sdk/helper/certutil/certutil_test.go | 6 +++++-
 sdk/helper/certutil/helpers.go       | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/sdk/helper/certutil/certutil_test.go b/sdk/helper/certutil/certutil_test.go
index 60b4888495..9c10f38a81 100644
--- a/sdk/helper/certutil/certutil_test.go
+++ b/sdk/helper/certutil/certutil_test.go
@@ -26,7 +26,7 @@ import (
 
 // Tests converting back and forth between a CertBundle and a ParsedCertBundle.
 //
-// Also tests the GetSubjKeyID, GetHexFormatted, and
+// Also tests the GetSubjKeyID, GetHexFormatted, ParseHexFormatted and
 // ParsedCertBundle.getSigner functions.
 func TestCertBundleConversion(t *testing.T) {
 	cbuts := []*CertBundle{
@@ -245,6 +245,10 @@ func compareCertBundleToParsedCertBundle(cbut *CertBundle, pcbut *ParsedCertBund
 		return fmt.Errorf("bundle serial number does not match")
 	}
 
+	if !bytes.Equal(pcbut.Certificate.SerialNumber.Bytes(), ParseHexFormatted(cb.SerialNumber, ":")) {
+		return fmt.Errorf("failed re-parsing hex formatted number %s", cb.SerialNumber)
+	}
+
 	switch {
 	case len(pcbut.CAChain) > 0 && len(cb.CAChain) == 0:
 		return fmt.Errorf("parsed bundle ca chain has certs when cert bundle does not")
diff --git a/sdk/helper/certutil/helpers.go b/sdk/helper/certutil/helpers.go
index 58ebc06f2d..eace1aafd1 100644
--- a/sdk/helper/certutil/helpers.go
+++ b/sdk/helper/certutil/helpers.go
@@ -100,13 +100,13 @@ func GetHexFormatted(buf []byte, sep string) string {
 func ParseHexFormatted(in, sep string) []byte {
 	var ret bytes.Buffer
 	var err error
-	var inBits int64
+	var inBits uint64
 	inBytes := strings.Split(in, sep)
 	for _, inByte := range inBytes {
-		if inBits, err = strconv.ParseInt(inByte, 16, 8); err != nil {
+		if inBits, err = strconv.ParseUint(inByte, 16, 8); err != nil {
 			return nil
 		}
-		ret.WriteByte(byte(inBits))
+		ret.WriteByte(uint8(inBits))
 	}
 	return ret.Bytes()
 }