Closed
Bug 1002921
Opened 10 years ago
Closed 10 years ago
mozilla::pkix::der::Input::GetSECItem returns a value uselessly and callers ignore it
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 1005256
People
(Reporter: briansmith, Unassigned)
Details
The patch for bug 968490 included this: - void GetSECItem(SECItemType type, const Mark& mark, /*out*/ SECItem& item) + bool GetSECItem(SECItemType type, const Mark& mark, /*out*/ SECItem& item) { PR_ASSERT(mark.mMark < input); item.type = type; item.data = const_cast<uint8_t*>(mark.mMark); - // TODO: bounds check + // TODO: Return false if bounds check fails item.len = input - mark.mMark; + return true; } The return value (which is always true) is checked by the mozilla::pkix::der unit tests but it isn't checked by the real callers in mozilla::pkix. It seems like we need to have mozilla::pkix::der::Input save the initial value of "input" so that it can compare it to mark.mMark. Then we can return a useful return value. Regardless, the callers of this function in the code should check the return value if there is one.
Reporter | ||
Comment 1•10 years ago
|
||
I didn't realize I already filed this. I'm duping this to the newer bug since the newer bug enumerates the issues.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•