mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-12-07 05:15:09 +00:00
343231: certutil issues certs for invalid requests. r=nelson
This commit is contained in:
parent
9a534e05f0
commit
e3c549190e
@ -271,12 +271,14 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
|
||||
}
|
||||
|
||||
rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii);
|
||||
if (rv)
|
||||
if (rv) {
|
||||
break;
|
||||
}
|
||||
certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc
|
||||
(arena, sizeof(CERTCertificateRequest));
|
||||
if (!certReq)
|
||||
break;
|
||||
if (!certReq) {
|
||||
GEN_BREAK(SECFailure);
|
||||
}
|
||||
certReq->arena = arena;
|
||||
|
||||
/* Since cert request is a signed data, must decode to get the inner
|
||||
@ -285,24 +287,31 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
|
||||
PORT_Memset(&signedData, 0, sizeof(signedData));
|
||||
rv = SEC_ASN1DecodeItem(arena, &signedData,
|
||||
SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER);
|
||||
if (rv)
|
||||
if (rv) {
|
||||
break;
|
||||
|
||||
rv = SEC_ASN1DecodeItem(arena, certReq,
|
||||
}
|
||||
rv = SEC_ASN1DecodeItem(arena, certReq,
|
||||
SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
|
||||
} while (0);
|
||||
|
||||
if (!rv) {
|
||||
if (rv) {
|
||||
break;
|
||||
}
|
||||
rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
|
||||
&certReq->subjectPublicKeyInfo, NULL /* wincx */);
|
||||
} while (0);
|
||||
|
||||
if (reqDER.data) {
|
||||
SECITEM_FreeItem(&reqDER, PR_FALSE);
|
||||
}
|
||||
|
||||
if (rv) {
|
||||
PRErrorCode perr = PR_GetError();
|
||||
fprintf(stderr, "%s: unable to decode DER cert request (%s)\n", progName,
|
||||
SECU_Strerror(perr));
|
||||
SECU_PrintError(progName, "bad certificate request\n");
|
||||
if (arena) {
|
||||
PORT_FreeArena(arena, PR_FALSE);
|
||||
}
|
||||
certReq = NULL;
|
||||
}
|
||||
return (certReq);
|
||||
|
||||
return certReq;
|
||||
}
|
||||
|
||||
static PRBool
|
||||
|
Loading…
Reference in New Issue
Block a user