diff options
author | kaie%kuix.de <devnull@localhost> | 2013-01-23 23:05:51 +0000 |
---|---|---|
committer | kaie%kuix.de <devnull@localhost> | 2013-01-23 23:05:51 +0000 |
commit | 248926c5a39d88a51fc48c2e2b9286b91aea9eb8 (patch) | |
tree | 0e79639f586e2406078c6c6086e6382216f871a4 | |
parent | 5a153a4c7b000ec4e8da6e0f531b0b0f440c3a32 (diff) | |
download | nss-hg-248926c5a39d88a51fc48c2e2b9286b91aea9eb8.tar.gz |
Bug 833857, fix ocspclnt crash regression, r=wtcNSS_3_14_2_BETA2
-rw-r--r-- | security/nss/cmd/ocspclnt/ocspclnt.c | 15 | ||||
-rw-r--r-- | security/nss/lib/certhigh/ocsp.c | 1 | ||||
-rw-r--r-- | security/nss/lib/certhigh/ocspti.h | 6 |
3 files changed, 15 insertions, 7 deletions
diff --git a/security/nss/cmd/ocspclnt/ocspclnt.c b/security/nss/cmd/ocspclnt/ocspclnt.c index d84fa5270..dc9490d2c 100644 --- a/security/nss/cmd/ocspclnt/ocspclnt.c +++ b/security/nss/cmd/ocspclnt/ocspclnt.c @@ -828,8 +828,7 @@ static char *responseStatusNames[] = { "tryLater (Try again later)", "unused ((4) is not used)", "sigRequired (Must sign the request)", - "unauthorized (Request unauthorized)", - "other (Status value out of defined range)" + "unauthorized (Request unauthorized)" }; /* @@ -853,9 +852,15 @@ print_response (FILE *out_file, SECItem *data, CERTCertDBHandle *handle) if (response == NULL) return SECFailure; - PORT_Assert (response->statusValue <= ocspResponse_other); - fprintf (out_file, "Response Status: %s\n", - responseStatusNames[response->statusValue]); + if (response->statusValue >= ocspResponse_min && + response->statusValue <= ocspResponse_max) { + fprintf (out_file, "Response Status: %s\n", + responseStatusNames[response->statusValue]); + } else { + fprintf (out_file, + "Response Status: other (Status value %d out of defined range)\n", + (int)response->statusValue); + } if (response->statusValue == ocspResponse_successful) { ocspResponseBytes *responseBytes = response->responseBytes; diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c index 261c3d529..1fe216f26 100644 --- a/security/nss/lib/certhigh/ocsp.c +++ b/security/nss/lib/certhigh/ocsp.c @@ -5691,7 +5691,6 @@ CERT_GetOCSPResponseStatus(CERTOCSPResponse *response) case ocspResponse_unauthorized: PORT_SetError(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST); break; - case ocspResponse_other: case ocspResponse_unused: default: PORT_SetError(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS); diff --git a/security/nss/lib/certhigh/ocspti.h b/security/nss/lib/certhigh/ocspti.h index 0d3b75a41..910b7db7c 100644 --- a/security/nss/lib/certhigh/ocspti.h +++ b/security/nss/lib/certhigh/ocspti.h @@ -189,6 +189,7 @@ struct CERTOCSPCertIDStr { * } */ typedef enum { + ocspResponse_min = 0, ocspResponse_successful = 0, ocspResponse_malformedRequest = 1, ocspResponse_internalError = 2, @@ -196,7 +197,10 @@ typedef enum { ocspResponse_unused = 4, ocspResponse_sigRequired = 5, ocspResponse_unauthorized = 6, - ocspResponse_other /* unknown/unrecognized value */ + ocspResponse_max = 6 /* Please update max when adding values. + * Remember to also update arrays, e.g. + * "responseStatusNames" in ocspclnt.c + * and potentially other places. */ } ocspResponseStatus; /* |