Note: There are a few cases of duplicates in user autocompletion which are being worked on.

certutil issues certs for invalid requests

RESOLVED FIXED in 3.12

Status

NSS
Tools
P2
normal
RESOLVED FIXED
11 years ago
11 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Alexei Volkov)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

The fix for bug 174193 didn't go far enough.  
The code now checks that the request is signed, and reports a message
if the signature is invalid.  However, it then proceeds to issue the cert.
In fact, it ignores any and all errors in parsing the request.
(Reporter)

Updated

11 years ago
Assignee: nelson → alexei.volkov.bugs
Priority: -- → P2
Target Milestone: 3.11.3 → 3.12
(Assignee)

Comment 1

11 years ago
Created attachment 247023 [details] [diff] [review]
return null if request has an invalid signature.

also, some code cleanup
Attachment #247023 - Flags: review?
(Reporter)

Comment 2

11 years ago
Comment on attachment 247023 [details] [diff] [review]
return null if request has an invalid signature.

I have one minor issue with this patch.

>-   if (rv) {
>+   if (rv != SECSuccess) {

Everywhere in this function where rv is tested, the test is simply
     if (rv)
but here the patch changes it to
     if (rv != SECSuccess)

The two are equivalent, but I'd like to see the function remain 
self-consistent with respect to this style.  
So please change this one line back to be consistent, 
then r=nelson
Attachment #247023 - Flags: review? → review+
(Assignee)

Comment 3

11 years ago
/cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v  <--  certutil.c
new revision: 1.106; previous revision: 1.105

Integrated with modification suggested by Nelson
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.