Closed Bug 174885 Opened 22 years ago Closed 22 years ago

SEC_ASN1DecodeItem returns NULL and SECSuccess

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

References

Details

(Keywords: fixed1.4, Whiteboard: [3.7.7][3.4.4])

Attachments

(1 file, 2 obsolete files)

patch v3. corrected above error.
1.76 KB, patch
wtc
: review+
sspitzer
: approval1.4+
Details | Diff | Splinter Review
This bug is a continuation of bug 174188. See bug 174188 for instructions on how to reproduce. When SEC_ASN1DecodeItem is called with CERT_CertificateRequestTemplate and the cert request contains an empty set of attributes, SEC_ASN1DecodeItem returns SECSuccess, but the pointer named attributes in the parsed CERTCertificateRequest contains NULL. It should contain a non-NULL pointer to an array of pointers, the first of which is NULL. In NSS 3.7, SECU_PrintCertificateRequest calls SEC_QuickDERDecodeItem instead of SEC_ASN1DecodeItem, because SEC_QuickDERDecodeItem returns the proper value in cr->attributes. I believe this is correct, because (I think) a certificate request should always be DER encoded. However, if a certificate request is permitted to be BER encoded, then SECU_PrintCertificateRequest should be changed back to use SEC_ASN1DecodeItem again. SEC_ASN1DecodeItem should be fixed for this case.
Julien, could you take a look at this? Nelson, I think this is a design decision rather than a bug of our classic ASN.1 decoder. But I agree with your suggested change. It will simplify the clients' code (no need to test for a NULL pointer) and match the behavior of the new QuickDER decoder. I believe the code in question is in lib/util/secasn1d.c: 890 if (state->underlying_kind & SEC_ASN1_GROUP) { ... 900 if (state->contents_length != 0 || state->indefinite) { ... 916 } else { 917 /* 918 * A group of zero; we are done. 919 * XXX Should we store a NULL here? Or set state to 920 * afterGroup and let that code do it? 921 */ 922 state->place = afterEndOfContents; 923 } 924 return; 925 } The "XXX" comment shows that this is a design decision that the original author was not sure about. Maybe we can try what the comment suggests, setting state->place to afterGroup?
Assignee: wtc → jpierre
Priority: -- → P2
Target Milestone: --- → 3.7
I would call this behavior a bug. If the component is OPTIONAL, then there is no way for the application to tell if the component is present but empty, as opposed to missing. Setting a pointer that point to an array containing only a terminating NULL allows differentiation.
I agree that this is a bug, but for a different reason. I think it is an error for the decoder to return SECSuccess, indicating that no error occurred, when the returned struct contains a NULL pointer for a non-OPTIONAL member. SECSuccess means, all the required members were present. In PKCS#10, the attributes member of the CertificateRequestInfo sequence is IMPLICIT, but not OPTIONAL. It is declared: attributes [0] IMPLICIT Attributes where the type Attributes is defined as Attributes ::= SET OF Attribute In the case we're discussing, the SET OF Attribute is present, but is empty. So, the array of pointers to the SECItems for the Attribute(s) should exist, but the first pointer should be NULL. SEC_QuickDERDecodeItem gets it right. (Good job!)
OK, you are right. This is a bug. It is important to differentiate between an empty set and a missing set.
At the risk of belaboring this point, I will mention that in order to encode the empty set of Attributes, the NSS Encoder requires the pointer to the array of pointers to the Attributes to be non-NULL, but allows the first pointer in the array to be NULL. I think it is appropriate for the decoder to produce as output the same values that the encoder requires as input.
Nelson, there is no doubt in my mind that this is a bug now.
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Taking bug. I believe that bug 204555 is another manifestation of this bug.
Assignee: jpierre → nelsonb
Attached patch patch v1 (obsolete) — Splinter Review
When SET OF or SEQUENCE OF contains no items, allocate an array of pointers to the items, and make the first item in that array be NULL, rather than having the pointer to the array itself be NULL.
Comment on attachment 123860 [details] [diff] [review] patch v1 This patch fixes one case were the decoder returns a NULL pointer for a required item. There may be others, but this one has been experienced numerous times.
Attachment #123860 - Flags: review?(wtc)
Comment on attachment 123860 [details] [diff] [review] patch v1 r=wtc. In sec_asn1d_concat_group, I believe that we can also simply change if (state->subitems_head != NULL) { to if (placep != NULL) { and remove the "PORT_Assert (placep != NULL);" assertion and the "else if (placep != NULL)" block. The code in the "if (state->subitems_head != NULL)" block actually also works if state->subitems_head == NULL.
Attachment #123860 - Flags: superreview?(relyea)
Attachment #123860 - Flags: review?(wtc)
Attachment #123860 - Flags: review+
Comment on attachment 123860 [details] [diff] [review] patch v1 If you decide to make the change I suggested, we probaly should replace the assertion in the original if block: PORT_Assert (placep != NULL); by this assertion outside the new if block: PORT_Assert (state->subitems_head == NULL || placep != NULL); to be equivalent to the original assertion.
Attachment #123860 - Attachment is obsolete: true
Attachment #123942 - Flags: superreview?(relyea)
Attachment #123942 - Flags: review?(wtc)
Comment on attachment 123942 [details] [diff] [review] patch v2 incorporates wtc's review comments >- *placep = group; >- > item = state->subitems_head; > while (item != NULL) { > *group++ = item->data; > item = item->next; > } > *group = NULL; >+ *placep = group; You can't move the "*placep = group" assignment. With your change, *placep will be pointing at the end of the array, not the beginning of the array. (Note the group++ increment in the while loop.)
Attachment #123942 - Flags: review?(wtc) → review-
all.sh failed with patch v2. It succeeds with this patch.
Attachment #123942 - Attachment is obsolete: true
Comment on attachment 123958 [details] [diff] [review] patch v3. corrected above error. This patch is the smallest version yet.
Attachment #123958 - Flags: review?(wtc)
Comment on attachment 123958 [details] [diff] [review] patch v3. corrected above error. r=wtc. I'm having second thoughts whether we need that assertion at all. I suggested it simply because it was in the original code. In the original code, the assertion means we can dereference 'placep' without checking. In the new code, we dereference 'placep' only if it is not NULL, so it is not obvious what the assertion means. What do you think, Nelson?
Attachment #123958 - Flags: review?(wtc) → review+
Comment on attachment 123958 [details] [diff] [review] patch v3. corrected above error. Requesting mozilla 1.4 approval. This bug is the underlying cause of bug 204555, a mozilla 1.4 blocker. The risk of this patch is low.
Attachment #123958 - Flags: approval1.4?
Comment on attachment 123958 [details] [diff] [review] patch v3. corrected above error. a=sspitzer
Attachment #123958 - Flags: approval1.4? → approval1.4+
Fic checked in as rev 1.26 on trunk. Will mark fixed when checked in on NSS 3.8 branch.
Blocks: 204555
Status: NEW → ASSIGNED
Priority: P2 → P1
Target Milestone: --- → 3.8.1
Fix checked in on NSS_3_8_BRANCH as rev 1.19.26.2 marking fixed in NSS 3.8.1.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment on attachment 123958 [details] [diff] [review] patch v3. corrected above error. I checked in this patch on MOZILLA_1_4_BRANCH for mozilla 1.4 final.
Keywords: fixed1.4
Patch checked into NSS_3_7_BRANCH for NSS 3.7.7 Beta 1.
Whiteboard: [3.7.7]
Blocks: 208996
Blocks: 207740
Patch checked in on the NSS_3_4_BRANCH (3.4.4).
Whiteboard: [3.7.7] → [3.7.7][3.4.4]
Attachment #123942 - Flags: superreview?(rrelyea0264) → superreview+
Attachment #123860 - Flags: superreview?(rrelyea0264) → superreview+
Blocks: 211049
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: