343231: certutil issues certs for invalid requests. r=nelson

This commit is contained in:
alexei.volkov.bugs%sun.com 2006-12-01 01:10:03 +00:00
parent 9a534e05f0
commit e3c549190e

View File

@ -271,12 +271,14 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
}
rv = SECU_ReadDERFromFile(&reqDER, inFile, ascii);
if (rv)
if (rv) {
break;
}
certReq = (CERTCertificateRequest*) PORT_ArenaZAlloc
(arena, sizeof(CERTCertificateRequest));
if (!certReq)
break;
if (!certReq) {
GEN_BREAK(SECFailure);
}
certReq->arena = arena;
/* Since cert request is a signed data, must decode to get the inner
@ -285,24 +287,31 @@ GetCertRequest(PRFileDesc *inFile, PRBool ascii)
PORT_Memset(&signedData, 0, sizeof(signedData));
rv = SEC_ASN1DecodeItem(arena, &signedData,
SEC_ASN1_GET(CERT_SignedDataTemplate), &reqDER);
if (rv)
if (rv) {
break;
rv = SEC_ASN1DecodeItem(arena, certReq,
}
rv = SEC_ASN1DecodeItem(arena, certReq,
SEC_ASN1_GET(CERT_CertificateRequestTemplate), &signedData.data);
} while (0);
if (!rv) {
if (rv) {
break;
}
rv = CERT_VerifySignedDataWithPublicKeyInfo(&signedData,
&certReq->subjectPublicKeyInfo, NULL /* wincx */);
} while (0);
if (reqDER.data) {
SECITEM_FreeItem(&reqDER, PR_FALSE);
}
if (rv) {
PRErrorCode perr = PR_GetError();
fprintf(stderr, "%s: unable to decode DER cert request (%s)\n", progName,
SECU_Strerror(perr));
SECU_PrintError(progName, "bad certificate request\n");
if (arena) {
PORT_FreeArena(arena, PR_FALSE);
}
certReq = NULL;
}
return (certReq);
return certReq;
}
static PRBool