author | John M. Schanck <jschanck@mozilla.com> | 2021-10-11 22:09:25 +0000 |
---|---|---|
committer | John M. Schanck <jschanck@mozilla.com> | 2021-10-11 22:09:25 +0000 |
commit | a839f93a24e83ea78266c636a2df7f084fc0a9bb (patch) | |
tree | 1ebfca037d3bcc08b9278ad97b1bd02cb6f9dbc1 | |
parent | 6e8bc0db14d87322aa51ec0bca73d4b619c8ea64 (diff) | |
Bug 1735028 - check for missing signedData field r=keeler
Differential Revision: https://phabricator.services.mozilla.com/D128112
-rw-r--r-- | gtests/certdb_gtest/decode_certs_unittest.cc | 13 | ||||
-rw-r--r-- | lib/pkcs7/certread.c | 5 |
2 files changed, 18 insertions, 0 deletions
diff --git a/gtests/certdb_gtest/decode_certs_unittest.cc b/gtests/certdb_gtest/decode_certs_unittest.cc
index 405194edc..3317ae8ee 100644
--- a/gtests/certdb_gtest/decode_certs_unittest.cc
+++ b/gtests/certdb_gtest/decode_certs_unittest.cc
@@ -26,3 +26,16 @@ TEST_F(DecodeCertsTest, EmptyCertPackage) {
 sizeof(emptyCertPackage)));
 EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
 }
+
+TEST_F(DecodeCertsTest, EmptySignedData) {
+ // This represents a PKCS#7 ContentInfo of contentType
+ // 1.2.840.113549.1.7.2 (signedData) with missing content.
+ unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
+ 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
+ 0x02, 0x00, 0x00, 0x05, 0x00};
+
+ EXPECT_EQ(nullptr,
+ CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData),
+ sizeof(emptySignedData)));
+ EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
diff --git a/lib/pkcs7/certread.c b/lib/pkcs7/certread.c
index 3091f9947..15094f2d7 100644
--- a/lib/pkcs7/certread.c
+++ b/lib/pkcs7/certread.c
@@ -139,6 +139,11 @@ SEC_ReadPKCS7Certs(SECItem *pkcs7Item, CERTImportCertificateFunc f, void *arg)
 goto done;
 }
+ if (contentInfo.content.signedData == NULL) {
+ PORT_SetError(SEC_ERROR_BAD_DER);
+ goto done;
+ }
+
 rv = SECSuccess;
 certs = contentInfo.content.signedData->certificates; |
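Review bot: The comment above `emptySignedData` does not explain the encoding, which makes the fixture hard to audit byte by byte. `0x30, 0x80` opens an indefinite-length SEQUENCE, `0x00, 0x00` are its end-of-contents octets, and `0x05, 0x00` is a NULL that sits after the SEQUENCE has already been closed. I would annotate the array, e.g. `// 30 80 = SEQUENCE (indefinite), 06 09 .. = OID, 00 00 = end-of-contents, 05 00 = trailing NULL`, and say whether the trailing NULL is intentional. A second fixture with a definite-length SEQUENCE would also show that the rejection does not depend on the indefinite-length form.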
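Review bot: The added branch sets `SEC_ERROR_BAD_DER` but does not assign `rv` before `goto done`, so the function's return value depends on what `rv` held before this hunk, which is not visible here. The `rv = SECSuccess;` just below the check suggests `rv` is still a failure value at that point, but that is an inference. I would either make it explicit with `rv = SECFailure;` inside the branch or add a comment such as `/* rv is still SECFailure here; content is optional, so signedData can be NULL */`. The check itself is the right guard for the `contentInfo.content.signedData->certificates` dereference on the last line of the hunk, which would otherwise read through NULL on a package with no content. SEC_ReadPKCS7Certs starts before and continues past this hunk.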