Closed
Bug 287061
Opened 20 years ago
Closed 18 years ago
CRL number should be a big integer, not ulong
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: hanfei.yu, Assigned: alvolkov.bgs)
References
Details
(Whiteboard: PKIX)
Attachments
(3 files, 1 obsolete file)
|
2.62 KB,
patch
|
Details | Diff | Splinter Review | |
|
995 bytes,
patch
|
Details | Diff | Splinter Review | |
|
1.32 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20041214 Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.4) Gecko/20041214 in certhigh/crlv2.c: CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value) decodes and returns CRL number as an integer. From RFC3280, Section 5.2.3, CRL number can be a values of 20 octets. Reproducible: Always
|
||
Updated•20 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 2•20 years ago
|
||
This is a valid bug. However, currently, this function isn't exported from NSS, nor is it used internally, so nobody can be running into this problem. We should not export this function as-is, since the return type of the prototype is incorrect. A new function should be provided that returns a type usable for big numbers. Based on my conversation with Nelson earlier today, it would probably be a SECItem, which could be tested with SECItem_CompareItem . However, that only works right if the octet string of the CRL number is unsigned. If not, special decoding would be needed. RFC3280 defines CRLNumber as CRLNumber ::= INTEGER (0..MAX) Therefore, I think a SECItem would work.
Status: NEW → ASSIGNED
OS: Solaris → All
Hardware: Sun → All
|
|
||
Updated•20 years ago
|
Priority: -- → P1
Target Milestone: --- → 3.11
Version: unspecified → 3.10
Julien:
I had the following functions in crlv2.c. (I renamed this function to
differentiate from the original one) and it had been tested with NIST CRL's.
********************** crlv2.c
SECStatus CERT_FindCRLNumberBytesExten (CERTCrl *crl, SECItem *value)
{
SECItem encodedExtenValue;
SECStatus rv;
encodedExtenValue.data = NULL;
encodedExtenValue.len = 0;
rv = cert_FindExtension
(crl->extensions, SEC_OID_X509_CRL_NUMBER, &encodedExtenValue);
if ( rv != SECSuccess )
return (rv);
rv = SEC_ASN1DecodeItem (NULL, value, SEC_IntegerTemplate,
&encodedExtenValue);
if ( rv != SECSuccess )
return (rv);
PORT_Free (encodedExtenValue.data);
return (rv);
}
|
|
||
Comment 4•20 years ago
|
||
Hanfei, Please attach a patch generated with cvs diff -u10 . Please remove the old function in your patch since it is unused. Thanks.
|
|
||
Comment 6•20 years ago
|
||
Comment on attachment 178489 [details] [diff] [review] diff with CRL number big int fix >-SECStatus CERT_FindCRLNumberExten (CERTCrl *crl, CERTCrlNumber *value) >+SECStatus CERT_FindCRLNumberBytesExten (CERTCrl *crl, SECItem *value) It is not necessary to rename this function because it hasn't been exported. We should remove the CERTCrlNumber type though.
|
||
Comment 7•20 years ago
|
||
Comment on attachment 178489 [details] [diff] [review] diff with CRL number big int fix > rv = SEC_ASN1DecodeItem (NULL, value, SEC_IntegerTemplate, Please change this to use a non-NULL arena. Basically we don't ever want to use the ASN1 decoders without arenas. Thanks. > &encodedExtenValue); >+ if ( rv != SECSuccess ) >+ return (rv); >+
Attachment #178489 -
Attachment is patch: true
|
|
||
Comment 8•20 years ago
|
||
Also, since the CRL is DER-encoded, you can use the faster SEC_QuickDERDecodeItem . Be aware it requires a non-NULL arena argument.
|
|
||
Updated•20 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
|
|
||
Comment 9•19 years ago
|
||
As checked in on NSS_LIBPKIX_BRANCH . Checking in certdb/cert.h; /cvsroot/mozilla/security/nss/lib/certdb/cert.h,v <-- cert.h new revision: 1.53.10.2; previous revision: 1.53.10.1 done Checking in certhigh/crlv2.c; /cvsroot/mozilla/security/nss/lib/certhigh/crlv2.c,v <-- crlv2.c new revision: 1.3.10.1; previous revision: 1.3 done
Attachment #178489 -
Attachment is obsolete: true
|
|
||
Comment 10•19 years ago
|
||
This patch won't apply to anything useful in the future, but I wanted to have a record that the previous patch was incomplete since it was missing this export. I checked this in to the NSS_LIBPKIX_BRANCH . Checking in nss.def; /cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def new revision: 1.146.6.2; previous revision: 1.146.6.1
|
|
||
Comment 11•19 years ago
|
||
As coded, CERT_FindCRLNumberExten has a problem with the memory management. The QuickDER decoder returns memory with a pointer that may point into memory from the input buffer. Thus, you cannot decode directly into "value". You must make a copy of the item into the target arena, using SECITEM_DupItem . Also, the PORT_Free call should be removed, since we are using arenas.
Assignee: julien.pierre.bugs → hanfei.yu
Status: ASSIGNED → NEW
|
|
||
Comment 12•19 years ago
|
||
Looking over this more closely - the PORT_Free call is correct and should stay, but my first comment still stands - you need to make a copy of the item before you return it.
|
Reporter | |
Comment 13•19 years ago
|
||
Use SECITEM_ArenaDupItem() to duplicate extension data for decoding.
|
|
||
Comment 14•19 years ago
|
||
This didn't make 3.11 . Retargetting for 3.12 .
|
|
||
Updated•19 years ago
|
Target Milestone: 3.11 → 3.12
|
|
||
Comment 15•19 years ago
|
||
Reassigning. HanFei isn't working on NSS any more.
Assignee: hanfei.yu → julien.pierre.bugs
|
|
||
Updated•19 years ago
|
QA Contact: jason.m.reid → libraries
|
Assignee | |
Updated•18 years ago
|
Whiteboard: PKIX
|
|
Assignee | |
Comment 16•18 years ago
|
||
Will be integrated to the trunk as a part of patch of bug 358785
Status: NEW → ASSIGNED
Depends on: 358785
|
|
Assignee | |
Updated•18 years ago
|
Assignee: julien.pierre.boogz → alexei.volkov.bugs
Status: ASSIGNED → NEW
|
|
||
Comment 17•18 years ago
|
||
This was fixed with the checkin to bug 358785 .
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•