Open Bug 989833 Opened 11 years ago Updated 3 years ago

Double-check calls to der::Nested()/der::End() in mozilla::pkix

Categories

(Core :: Security: PSM, defect, P5)

People

(Reporter: briansmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-backlog])

One Example in pkixocsp.cpp's VerifyEncodedOCSPResponse:

    ...

    if (der::Nested(input, der::SEQUENCE,
                    bind(OCSPResponse, _1, ref(context))) != der::Success) {
      SetErrorToMalformedResponseOnBadDERError();
      return SECFailure;
    }

    if (der::End(input) != der::Success) {
      SetErrorToMalformedResponseOnBadDERError();
      return SECFailure;
    }

    ...

The call to der::End(input) is unnecessary because the call to der::Nested already did it; see the definition of der::Nested.

(In reply to Brian Smith (:briansmith, was :bsmith; NEEDINFO? for response) from comment #0)
> One Example in pkixocsp.cpp's VerifyEncodedOCSPResponse:
>
> ...
>
> if (der::Nested(input, der::SEQUENCE,
>                 bind(OCSPResponse, _1, ref(context))) != der::Success) {
>   SetErrorToMalformedResponseOnBadDERError();
>   return SECFailure;
> }
>
> if (der::End(input) != der::Success) {
>   SetErrorToMalformedResponseOnBadDERError();
>   return SECFailure;
> }
>
> ...
>
> The call to der::End(input) is unnecessary because the call to der::Nested
> already did it; see the definition of der::Nested.

The above is wrong. der::Nested calls der::End(nested), not der::End(input). We should see if we wrote any code that uses this wrong thinking.
Summary: Remove redundant calls to der::End() in mozilla::pkix → Double-check calls to der::Nested()/der::End() in mozilla::pkix
Whiteboard: [psm-backlog]
Priority: -- → P5
Severity: trivial → S4
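
The distinction drawn in the reply above, as an added example that is not part of the bug comments and is not mozilla::pkix code: a simplified DER reader (all names and sample bytes are constructed for illustration) in which Nested() checks only that the nested value was fully consumed, so a byte trailing the outer SEQUENCE is rejected only when End(input) is called as well.

```cpp
#include <cstddef>
#include <cstdint>
// Simplified model of a DER reader; names are illustrative, not mozilla::pkix's API.
enum Result { Success, Failure };
struct Reader { const uint8_t* p; const uint8_t* end; };

// Succeeds only when every byte of this particular reader has been consumed.
Result End(const Reader& r) { return r.p == r.end ? Success : Failure; }

// Reads one TLV with a short-form (< 128) length and hands back its value.
Result ExpectTagAndGetValue(Reader& in, uint8_t tag, Reader& value) {
  if (in.end - in.p < 2 || in.p[0] != tag || in.p[1] >= 0x80) return Failure;
  size_t len = in.p[1];
  if (static_cast<size_t>(in.end - in.p - 2) < len) return Failure;
  value.p = in.p + 2;
  value.end = value.p + len;
  in.p = value.end;
  return Success;
}

// Checks End(nested) only: the outer reader may still hold unread bytes.
template <typename Decoder>
Result Nested(Reader& in, uint8_t tag, Decoder decode) {
  Reader nested{nullptr, nullptr};
  if (ExpectTagAndGetValue(in, tag, nested) != Success) return Failure;
  if (decode(nested) != Success) return Failure;
  return End(nested);
}

Result DecodeInteger(Reader& r) {
  Reader value{nullptr, nullptr};
  return ExpectTagAndGetValue(r, 0x02, value);
}

// Parses SEQUENCE { INTEGER }; checkOuterEnd toggles the explicit End(input).
Result ParseTopLevel(const uint8_t* data, size_t len, bool checkOuterEnd) {
  Reader input{data, data + len};
  if (Nested(input, 0x30, DecodeInteger) != Success) return Failure;
  return checkOuterEnd ? End(input) : Success;
}

// Constructed samples: a clean SEQUENCE, a trailing byte after it, one inside it.
const uint8_t kClean[] = {0x30, 0x03, 0x02, 0x01, 0x05};
const uint8_t kTrailingOuter[] = {0x30, 0x03, 0x02, 0x01, 0x05, 0xFF};
const uint8_t kTrailingInner[] = {0x30, 0x04, 0x02, 0x01, 0x05, 0xFF};

int main() {  // exit code 0: without End(input) the trailing byte is accepted
  return ParseTopLevel(kTrailingOuter, sizeof kTrailingOuter, false) == Success ? 0 : 1;
}
```

The trailing byte inside the SEQUENCE is caught by Nested() itself; the one after it is caught only by the separate End(input) call.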