Closed
Bug 314115
Opened 19 years ago
Closed 19 years ago
SEC_QuickDERDecodeItem modifies SECItem.type field during decoding process
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11
People
(Reporter: alvolkov.bgs, Assigned: julien.pierre)
References
Details
Attachments
(1 file)
701 bytes,
patch
|
alvolkov.bgs
:
review+
wtc
:
superreview+
|
Details | Diff | Splinter Review |
Found a regression with SEC_ASN1DecodeItem function. SECItem.type field get reset to siBuffer during decoding. Adding line fixes the problem for siUsignInteger case. --- quickder.c 2 Apr 2005 05:33:41 -0000 1.22 +++ quickder.c 28 Oct 2005 00:02:12 -0000 @@ -860,6 +860,7 @@ if ((SECSuccess == rv) && (PR_TRUE == save)) { SECItem* destItem = (SECItem*) ((char*)dest + templateEntry->offset); + temp.type = destItem->type; if (destItem) { *(destItem) = temp;
Assignee | ||
Comment 1•19 years ago
|
||
Please also try this fix, which is more generic than the other one as it causes the type field in the destination to always be left untouched, rather than just for SEC_ASN1_INTEGER .
Index: quickder.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/util/quickder.c,v
retrieving revision 1.22
diff -r1.22 quickder.c
865c865,866
< *(destItem) = temp;
---
> destItem->data = temp.data;
> destItem->len = temp.len;
Assignee | ||
Updated•19 years ago
|
Assignee: wtchang → julien.pierre.bugs
Assignee | ||
Updated•19 years ago
|
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: --- → 3.11
Reporter | ||
Comment 2•19 years ago
|
||
Julien, last two lines fix regression as well.
OS: All → Linux
Priority: P2 → --
Hardware: All → PC
Target Milestone: 3.11 → ---
Comment 3•19 years ago
|
||
Is this a regression because something worked in an old NSS release no longer works, or because something that works in SEC_ASN1DecodeItem doesn't work in SEC_QuickDERDecodeItem? Should the caller set destItem->type before calling SEC_QuickDERDecodeItem?
Assignee | ||
Comment 4•19 years ago
|
||
Wan-Teh, This is a bug in the QuickDER decoder, and a difference in behavior with the classic decoder, not technically a regression, but something we need to fix. The only time dest->type needs to be set prior to calling the decoder is for the SEC_ASN1_INTEGER case. The decoder removes leading zeroes if the value is siUnsignedInteger . Otherwise, the type field should be ignored. In all cases, the value of type should be left alone accross the call to either decoder, because the type field is only treated as an input parameter (even though it is a subfield in the output argument ...). This is a hack that was introduced in NSS a long-time ago, and unfortunately one that we have to continue to support.
Comment 5•19 years ago
|
||
Julien, Thanks for the explanation. I hope you can add some comments that explain: 1. When does the caller need to set the SECItem's type field before calling SEC_ASN1DecodeItem or SEC_QuickDERDecodeItem? 2. Does SEC_ASN1DecodeItem or SEC_QuickDERDecodeItem set the SECItem's type field?
Assignee | ||
Comment 6•19 years ago
|
||
Wan-Teh, 1) There is already a comment in the QuickDER code about siUnsignedInteger : case SEC_ASN1_INTEGER: { /* remove leading zeroes if the caller requested siUnsignedInteger This is to allow RSA key operations to work */ SECItem* destItem = (SECItem*) ((char*)dest + templateEntry->offset); if (destItem && (siUnsignedInteger == destItem->type)) The only other place where I think more comments are warranted is in the tech note 1 about the decoders . 2) QuickDER sets the type to 0 (siBuffer) as a result of PORT_ArenaZAlloc . But this only applies to SECItems that QuickDER itself allocated, for POINTER, SET OF and SEQUENCE OF, or subcomponents of these . A quick look at secasn1d.c shows the same is true for the classic decoder .
Assignee | ||
Comment 7•19 years ago
|
||
Attachment #201223 -
Flags: superreview?(wtchang)
Attachment #201223 -
Flags: review?(alexei.volkov.bugs)
Comment 8•19 years ago
|
||
Comment on attachment 201223 [details] [diff] [review] fix r=wtc. Please generate unified context diffs (cvs diff -u) in the future.
Attachment #201223 -
Flags: superreview?(wtchang) → superreview+
Comment 9•19 years ago
|
||
Julien: The comments I requested need to be added to the public header secasn1.h. We use comments in our public headers as a replacement for real documentation. Most of the NSS users won't read the .c files in our source tree.
Reporter | ||
Updated•19 years ago
|
Attachment #201223 -
Flags: review?(alexei.volkov.bugs) → review+
Assignee | ||
Comment 10•19 years ago
|
||
Checking in quickder.c; /cvsroot/mozilla/security/nss/lib/util/quickder.c,v <-- quickder.c new revision: 1.23; previous revision: 1.22 done Checking in secasn1.h; /cvsroot/mozilla/security/nss/lib/util/secasn1.h,v <-- secasn1.h new revision: 1.14; previous revision: 1.13 done I added the following to secasn1.h : /* Both classic ASN.1 and QuickDER have a feature that removes leading zeroes out of SEC_ASN1_INTEGER if the caller sets siUnsignedInteger in the type field of the target SECItem prior to calling the decoder. Otherwise, the type field is ignored and untouched. For SECItem that are dynamically allocated (from POINTER, SET OF, SEQUENCE OF) the decoder sets the type field to siBuffer. */
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•