Closed
Bug 225301
Opened 21 years ago
Closed 21 years ago
cmsutil test program IGNORES BAD SIGNATURES
Categories
(NSS :: Tools, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.9
People
(Reporter: nelson, Assigned: nelson)
References
Details
Attachments
(1 file, 1 obsolete file)
|
11.24 KB,
patch
|
julien.pierre
:
review+
|
Details | Diff | Splinter Review |
When our cmsutil QA program decodes a signed message (or detached signature),
it completely ignores whether the signature is good or bad. It outputs
the same output and returns the same program status whether the signature
was correct or incorrect. It's USELESS for validating signatures, and
it's worse than useless as a QA regression tool.
I will fix this pronto.
|
Assignee | |
Comment 1•21 years ago
|
||
Marking P1 for NSS 3.9, and accepting bug.
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → 3.9
|
|
Assignee | |
Comment 2•21 years ago
|
||
This patch does the following:
1. Fixes the Usage message to document the command line options.
2. Changes the "decode" function to
a) report an error on bad signatures, only when decoding the input file,
not when decoding an ancillary "enveloped file".
b) only output the contents of the "detached content" file (-c option)
when that file's content was actually used in the computation.
3. Sundry other cleanup and added comments.
|
|
Assignee | |
Comment 3•21 years ago
|
||
Comment on attachment 135287 [details] [diff] [review]
patch v1
Please review.
I just spotted the misspelling of "envelope". :(
Attachment #135287 -
Flags: review?(wchang0222)
|
||
Comment 4•21 years ago
|
||
Comment on attachment 135287 [details] [diff] [review]
patch v1
This patch has two problems.
1. The SECU_FileToItem(&sitem, decodeOptions->contentFile) was
moved inside a for loop. We should not read the content file
repeatedly.
2. The new code
>+ SECItem *item = (sitem.len && sitem.data)
>+ ? &sitem
>+ : NSS_CMSMessage_GetContent(cmsg);
may not handle a zero-length content file correctly.
Attachment #135287 -
Flags: review?(wchang0222) → review-
|
|
Assignee | |
Comment 5•21 years ago
|
||
This patch incorporates Wan-Teh's review comments.
Attachment #135287 -
Attachment is obsolete: true
|
|
Assignee | |
Updated•21 years ago
|
Attachment #135367 -
Flags: review?(jpierre)
|
||
Updated•21 years ago
|
Attachment #135367 -
Flags: review?(jpierre) → review+
|
|
Assignee | |
Comment 6•21 years ago
|
||
Checking in cmsutil.c;
/cvsroot/mozilla/security/nss/cmd/smimetools/cmsutil.c,v <-- cmsutil.c
new revision: 1.44; previous revision: 1.43
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•