Closed
Bug 340887
Opened 18 years ago
Closed 18 years ago
QuickDER decoder does not detect invalid empty OPTIONAL sequences
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
INVALID
3.11.3
People
(Reporter: nelson, Assigned: julien.pierre)
Details
Bug 340776 documents an OCSP response that includes an empty OPTIONAL SEQUENCE-OF. Our QuickDER decoder did not detect it and report it as invalid DER. Our encoder correctly re-encoded the response without the optional. That is, the optional part was omitted because it was empty. We detected the invalid DER response because we compared the input to the decoder with the output of the encoder, and they did not match. IMO, the QuickDER decoder should at least have an option to detect these errors. Perhaps we will at times wish to ignore these errors, but that should be the optional behavior, not the default.
Reporter
Updated • 18 years ago
Priority: -- → P2
Target Milestone: --- → 3.11.3
Reporter
Comment 1 • 18 years ago
Maybe Bug 340776 isn't such a good example. Perhaps it wasn't empty after all. But I believe this RFE is still valid. I don't think any of our ASN.1 decoders detects an empty optional.
Assignee
Comment 2 • 18 years ago
Actually a SEQUENCE OF is allowed to have zero elements in the general case. This is valid to encode and decode. Some ASN.1 structures may be constrained in size and require a minimum or maximum of elements, which our templates are currently unable to express, and thus the decoders/encoders don't enforce it. Thus, I think this bug may be invalid.
Reporter
Comment 3 • 18 years ago
Upon rereading X.690, I cannot find any rule that requires empty optional values to be omitted. So, I must reluctantly mark this invalid. :(
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → INVALID
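The conclusion of comments 2 and 3, as an added example that is not part of the bug report and is not NSS code: a strict DER walker accepts a zero-length SEQUENCE OF as well formed, so flagging it has to be a separate, per-field policy decision. The function names and the sample bytes are constructed for illustration; the NSS QuickDER API is not used.

```c
#include <stddef.h>
#include <stdio.h>

/* Walk DER TLVs in buf[0..len). Returns 0 if well formed, -1 otherwise.
 * *empty is incremented for every zero-length SEQUENCE / SEQUENCE OF (tag 0x30). */
static int der_walk(const unsigned char *buf, size_t len, int depth, int *empty)
{
    size_t pos = 0;
    if (depth > 32) return -1;                  /* bound the recursion */
    while (pos < len) {
        unsigned char tag = buf[pos++];
        size_t clen = 0;
        if ((tag & 0x1f) == 0x1f) return -1;    /* high tag numbers: not handled here */
        if (pos >= len) return -1;              /* missing length octet */
        unsigned char l0 = buf[pos++];
        if (l0 < 0x80) {
            clen = l0;                          /* short form */
        } else {
            size_t n = l0 & 0x7f;
            if (n == 0 || n > 4 || n > len - pos) return -1; /* indefinite or too long */
            if (buf[pos] == 0) return -1;       /* DER: no leading zero length octet */
            while (n--) clen = (clen << 8) | buf[pos++];
            if (clen < 0x80) return -1;         /* DER: short form was required */
        }
        if (clen > len - pos) return -1;        /* content runs past the buffer */
        if (tag == 0x30 && clen == 0) (*empty)++;
        if ((tag & 0x20) && der_walk(buf + pos, clen, depth + 1, empty) != 0)
            return -1;                          /* descend into constructed types */
        pos += clen;
    }
    return 0;
}

/* Hypothetical helper: number of empty SEQUENCEs, or -1 if the input is not valid DER. */
int count_empty_sequences(const unsigned char *buf, size_t len)
{
    int empty = 0;
    return der_walk(buf, len, 0, &empty) == 0 ? empty : -1;
}

/* Constructed samples: SEQUENCE { INTEGER 1, [0] EXPLICIT SEQUENCE OF {} } and
 * the same structure with the optional field omitted. */
static const unsigned char with_empty[] = {0x30,0x07,0x02,0x01,0x01,0xA0,0x02,0x30,0x00};
static const unsigned char omitted[]    = {0x30,0x03,0x02,0x01,0x01};

int main(void)
{
    printf("with_empty: %d\n", count_empty_sequences(with_empty, sizeof with_empty));
    printf("omitted:    %d\n", count_empty_sequences(omitted, sizeof omitted));
    return 0;
}
```

Both samples parse as valid DER; only the count differs, which is the information a caller would need to enforce a minimum-size constraint that the templates cannot express.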