Closed Bug 1095565 Opened 10 years ago Closed 6 months ago

More strict DER-compliance checking on the ASN.1 INTEGER, BIT STRING and BOOLEAN field types

Categories

(NSS :: Libraries, defect, P5)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: jcj, Unassigned)

Details

This is a follow-on to bug 1064670, particularly the comments by Brian Smith.

Decoding of INTEGER, BIT STRING and BOOLEAN in quickder.c is too permissive; for example, BOOLEAN may only be 0xFF or 0x00, yet the current decoder doesn't check. 

This bug is to capture the changes from what was first "part 2" of bug 1064670.
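The kind of strictness the report asks for, as an added example that is not NSS code and not part of the original report: three checkers run over the content octets of an already-parsed TLV. The function names are hypothetical, and the INTEGER and BIT STRING rules come from the X.690 DER rules rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Each checker takes the content octets of an already-parsed TLV and
 * returns 1 if they are valid DER, 0 otherwise. Names are hypothetical. */

/* BOOLEAN: exactly one octet, 0x00 (FALSE) or 0xFF (TRUE). */
int der_boolean_ok(const uint8_t *v, size_t len)
{
    return len == 1 && (v[0] == 0x00 || v[0] == 0xFF);
}

/* INTEGER: at least one octet, in the shortest two's-complement form:
 * the first nine bits must not be all zeros or all ones. */
int der_integer_ok(const uint8_t *v, size_t len)
{
    if (len == 0)
        return 0;
    if (len > 1) {
        if (v[0] == 0x00 && (v[1] & 0x80) == 0)
            return 0; /* redundant leading 0x00 */
        if (v[0] == 0xFF && (v[1] & 0x80) != 0)
            return 0; /* redundant leading 0xFF */
    }
    return 1;
}

/* BIT STRING (primitive): the first octet is the unused-bit count (0..7);
 * an empty string must use count 0; the unused bits must be zero. */
int der_bit_string_ok(const uint8_t *v, size_t len)
{
    if (len == 0 || v[0] > 7)
        return 0;
    if (len == 1)
        return v[0] == 0;
    return (v[len - 1] & ((1u << v[0]) - 1u)) == 0;
}

int main(void)
{
    /* Constructed sample: BOOLEAN content 0x01 is valid BER but not DER. */
    const uint8_t ber_true[] = { 0x01 };
    const uint8_t der_true[] = { 0xFF };
    printf("0x01 -> %d, 0xFF -> %d\n",
           der_boolean_ok(ber_true, 1), der_boolean_ok(der_true, 1));
    return 0;
}
```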

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: jc → nobody
Severity: normal → S3

We have mozpkix now

Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 6 months ago
Priority: -- → P5
Resolution: --- → WONTFIX