Closed Bug 1039601 Opened 6 years ago Closed 6 years ago

Make parsing of certificates in OCSP responses clearer and more clearly safe

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla34

People

(Reporter: briansmith, Assigned: briansmith)

Details

Attachments

(1 file)

1. Use the bounds-checked DERArray class instead of doing our own bounds-checking on raw arrays.

2. Parse the wrappers and sequence in the same style as we parse other stuff in mozilla::pkix, instead of using the weird ExpectTagAndSkipLength.

3. Remove ExpectTagAndSkipLength.
Attachment #8456994 - Flags: review?(cviecco)
Summary: Make parsing of certificates in OCSP responses clearer and more clearly-safe → Make parsing of certificates in OCSP responses clearer and more clearly safe
Attachment #8456994 - Flags: review?(cviecco) → review+
https://hg.mozilla.org/mozilla-central/rev/68fe3e5c7181
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.