mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 04:45:45 +00:00
Bug 1005256: Improve parameter validation in mozilla::pkix::der::Input::GetSECItem, r=mmc
--HG-- extra : rebase_source : 93b65e103c86747ddaf463e639aacffdf7ccb08f extra : histedit_source : 10ef0ab13fb9de710ea3c589600db4632f9cf4a0
This commit is contained in:
parent
a46aa03484
commit
f0a3398f72
@ -183,21 +183,24 @@ public:
|
|||||||
{
|
{
|
||||||
private:
|
private:
|
||||||
friend class Input;
|
friend class Input;
|
||||||
explicit Mark(const uint8_t* mark) : mMark(mark) { }
|
Mark(const Input& input, const uint8_t* mark) : input(input), mark(mark) { }
|
||||||
const uint8_t* const mMark;
|
const Input& input;
|
||||||
|
const uint8_t* const mark;
|
||||||
void operator=(const Mark&) /* = delete */;
|
void operator=(const Mark&) /* = delete */;
|
||||||
};
|
};
|
||||||
|
|
||||||
Mark GetMark() const { return Mark(input); }
|
Mark GetMark() const { return Mark(*this, input); }
|
||||||
|
|
||||||
bool GetSECItem(SECItemType type, const Mark& mark, /*out*/ SECItem& item)
|
Result GetSECItem(SECItemType type, const Mark& mark, /*out*/ SECItem& item)
|
||||||
{
|
{
|
||||||
PR_ASSERT(mark.mMark < input);
|
if (&mark.input != this || mark.mark > input) {
|
||||||
|
PR_NOT_REACHED("invalid mark");
|
||||||
|
return Fail(SEC_ERROR_INVALID_ARGS);
|
||||||
|
}
|
||||||
item.type = type;
|
item.type = type;
|
||||||
item.data = const_cast<uint8_t*>(mark.mMark);
|
item.data = const_cast<uint8_t*>(mark.mark);
|
||||||
// TODO: Return false if bounds check fails
|
item.len = static_cast<decltype(item.len)>(input - mark.mark);
|
||||||
item.len = input - mark.mMark;
|
return Success;
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
@ -441,7 +441,9 @@ BasicResponse(der::Input& input, Context& context)
|
|||||||
|
|
||||||
CERTSignedData signedData;
|
CERTSignedData signedData;
|
||||||
|
|
||||||
input.GetSECItem(siBuffer, mark, signedData.data);
|
if (input.GetSECItem(siBuffer, mark, signedData.data) != der::Success) {
|
||||||
|
return der::Failure;
|
||||||
|
}
|
||||||
|
|
||||||
if (der::Nested(input, der::SEQUENCE,
|
if (der::Nested(input, der::SEQUENCE,
|
||||||
bind(der::AlgorithmIdentifier, _1,
|
bind(der::AlgorithmIdentifier, _1,
|
||||||
@ -502,7 +504,9 @@ BasicResponse(der::Input& input, Context& context)
|
|||||||
return der::Failure;
|
return der::Failure;
|
||||||
}
|
}
|
||||||
|
|
||||||
input.GetSECItem(siBuffer, mark, certs[numCerts]);
|
if (input.GetSECItem(siBuffer, mark, certs[numCerts]) != der::Success) {
|
||||||
|
return der::Failure;
|
||||||
|
}
|
||||||
++numCerts;
|
++numCerts;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -417,13 +417,32 @@ TEST_F(pkixder_input_tests, MarkAndGetSECItem)
|
|||||||
SECItem item;
|
SECItem item;
|
||||||
memset(&item, 0x00, sizeof item);
|
memset(&item, 0x00, sizeof item);
|
||||||
|
|
||||||
ASSERT_TRUE(input.GetSECItem(siBuffer, mark, item));
|
ASSERT_EQ(Success, input.GetSECItem(siBuffer, mark, item));
|
||||||
ASSERT_EQ(siBuffer, item.type);
|
ASSERT_EQ(siBuffer, item.type);
|
||||||
ASSERT_EQ(sizeof expectedItemData, item.len);
|
ASSERT_EQ(sizeof expectedItemData, item.len);
|
||||||
ASSERT_TRUE(item.data);
|
ASSERT_TRUE(item.data);
|
||||||
ASSERT_EQ(0, memcmp(item.data, expectedItemData, sizeof expectedItemData));
|
ASSERT_EQ(0, memcmp(item.data, expectedItemData, sizeof expectedItemData));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Cannot run this test on debug builds because of the PR_NOT_REACHED
|
||||||
|
#ifndef DEBUG
|
||||||
|
TEST_F(pkixder_input_tests, MarkAndGetSECItemDifferentInput)
|
||||||
|
{
|
||||||
|
Input input;
|
||||||
|
const uint8_t der[] = { 0x11, 0x22, 0x33, 0x44 };
|
||||||
|
ASSERT_EQ(Success, input.Init(der, sizeof der));
|
||||||
|
|
||||||
|
Input another;
|
||||||
|
Input::Mark mark = another.GetMark();
|
||||||
|
|
||||||
|
ASSERT_EQ(Success, input.Skip(3));
|
||||||
|
|
||||||
|
SECItem item;
|
||||||
|
ASSERT_EQ(Failure, input.GetSECItem(siBuffer, mark, item));
|
||||||
|
ASSERT_EQ(SEC_ERROR_INVALID_ARGS, PR_GetError());
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
TEST_F(pkixder_input_tests, ExpectTagAndLength)
|
TEST_F(pkixder_input_tests, ExpectTagAndLength)
|
||||||
{
|
{
|
||||||
Input input;
|
Input input;
|
||||||
|
Loading…
Reference in New Issue
Block a user