Closed Bug 1002921 Opened 10 years ago Closed 10 years ago

mozilla::pkix::der::Input::GetSECItem returns a value uselessly and callers ignore it

Categories

(Core :: Security: PSM, defect)

RESOLVED DUPLICATE of bug 1005256

People

(Reporter: briansmith, Unassigned)

Details

The patch for bug 968490 included this:

-  void GetSECItem(SECItemType type, const Mark& mark, /*out*/ SECItem& item)
+  bool GetSECItem(SECItemType type, const Mark& mark, /*out*/ SECItem& item)
   {
     PR_ASSERT(mark.mMark < input);
     item.type = type;
     item.data = const_cast<uint8_t*>(mark.mMark);
-    // TODO: bounds check
+    // TODO: Return false if bounds check fails
     item.len = input - mark.mMark;
+    return true;
   }
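
Review bot: the new bool return in GetSECItem is unconditional (`return true;`), so the signature promises a check that the body does not perform, and the bounds check is still only a TODO. PR_ASSERT(mark.mMark < input) is a debug-only assertion, so in a release build a mark at or past input makes `item.len = input - mark.mMark` zero or a wrapped unsigned value while the function still reports success. Either implement the check in this change (compare mark.mMark against a saved start of the buffer and against input, returning false on failure) or leave the function void until it can actually fail, and have the callers test the result in the same patch.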

The return value (which is always true) is checked by the mozilla::pkix::der unit tests but it isn't checked by the real callers in mozilla::pkix.

It seems like we need to have mozilla::pkix::der::Input save the initial value of "input" so that it can compare it to mark.mMark. Then we can return a useful return value. Regardless, the callers of this function in the code should check the return value if there is one.

I didn't realize I already filed this. I'm duping this to the newer bug since the newer bug enumerates the issues.

Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
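
An added sketch of the fix the report describes (not mozilla::pkix code and not from the reporter): a reader that saves the initial value of its read pointer so a mark can be bounds-checked, plus a caller that checks the result. `Reader`, `Item`, `Skip`, `GetItem` and `ReadSpan` are hypothetical names, and `Item` stands in for SECItem.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical stand-in for SECItem (not the NSS type).
struct Item { const uint8_t* data; size_t len; };

// Hypothetical reader following the report's suggestion; not mozilla::pkix code.
class Reader {
public:
  class Mark {
    friend class Reader;
    explicit Mark(const uint8_t* p) : mMark(p) {}
    const uint8_t* mMark;
  };
  Reader(const uint8_t* data, size_t len)
    : begin(data), input(data), end(data + len) {}

  Mark GetMark() const { return Mark(input); }

  bool Skip(size_t n) {
    if (n > static_cast<size_t>(end - input)) return false;
    input += n;
    return true;
  }

  // Succeeds only when begin <= mark < input; clears the output on failure.
  bool GetItem(const Mark& mark, /*out*/ Item& item) const {
    if (mark.mMark < begin || mark.mMark >= input) {
      item.data = nullptr;
      item.len = 0;
      return false;
    }
    item.data = mark.mMark;
    item.len = static_cast<size_t>(input - mark.mMark);
    return true;
  }

private:
  const uint8_t* const begin; // saved initial value of "input"
  const uint8_t* input;       // current read position
  const uint8_t* const end;   // one past the last readable byte
};

// Caller that propagates every failure instead of ignoring the result.
bool ReadSpan(Reader& r, size_t n, /*out*/ Item& out) {
  Reader::Mark mark(r.GetMark());
  if (!r.Skip(n)) return false;
  return r.GetItem(mark, out);
}
```

A production version would compare the pointers with `std::less`, because the result of `<` on pointers into different arrays is unspecified in C++.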