Bug 679380: Errors parsing nested CMS messages make the encapsulated content irretrievable
Status: RESOLVED FIXED (opened 13 years ago, closed 13 years ago)
Categories: NSS :: Libraries, defect, P1
Tracking: Not tracked
Target Milestone: 3.13
People: Reporter: elio.maldonado.batiz, Assigned: rrelyea
Attachments (1 file): patch, 3.27 KB, elio.maldonado.batiz: review+
Reported by Nalin Dahyabhai:

Description of problem:
When parsing PKINIT preauthentication responses from a KDC running WS2008, I'm encountering problems reading SignedData which is wrapped in an EnvelopedData. The server is wrapping the SignedData in a ContentInfo and then putting _that_ inside of the EncapsulatedContentInfo of the EnvelopedData structure.

In earlier versions, the EncapsulatedContentInfo's stated type was Data, so while it looked odd, it was easy to just parse it as a new CMS message, but in the current version the stated type is SignedData, so NSS tries to parse the nested ContentInfo as a SignedData, and it just fails.

I think the party generating the message is nesting the CMS structures wrong, but I'd like to parse the message successfully anyway.

Version-Release number of selected component (if applicable):
nss-3.12.10-6.fc16.x86_64

How reproducible:
Always

Steps to Reproduce:
I'll attach the data that I have.

Actual results:
Unable to recover the encapsulated content in its original form.

Expected results:
Able to recover encapsulated content in unparsed form.
Comment 1 • 13 years ago (Assignee)
> In earlier versions, the EncapsulatedContentInfo's stated type was Data,
> so while it looked odd, it was easy to just parse it as a new CMS message,
> but in the current version the stated type is SignedData, so NSS tries to
> parse the nested ContentInfo as a SignedData, and it just fails.
So actually I was able to get a dump of the nested ContentInfo and it is in fact SignedData, except it's not properly wrapped in a sequence. This patch detects this case and magically adds the expected sequence back.
bob
Assignee: nobody → rrelyea
Status: NEW → ASSIGNED
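Added example (not part of the bug thread, and not the NSS patch, which is not shown on this page): a sketch in C of the repair comment 1 describes, assuming the missing wrapper is recognised by the content starting with SignedData's version INTEGER tag instead of a SEQUENCE tag. restore_sequence_wrapper and der_put_length are hypothetical names, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

#define DER_INTEGER  0x02 /* SignedData's first field, the version, is an INTEGER */
#define DER_SEQUENCE 0x30 /* tag a well-formed SignedData starts with */

/* Write a minimal DER length for len at p; return the number of bytes used. */
static size_t der_put_length(unsigned char *p, size_t len)
{
    size_t n = 0, i, tmp = len;
    if (len < 0x80) { p[0] = (unsigned char)len; return 1; }
    while (tmp) { n++; tmp >>= 8; }
    p[0] = (unsigned char)(0x80 | n);
    for (i = 0; i < n; i++)
        p[1 + i] = (unsigned char)(len >> (8 * (n - 1 - i)));
    return 1 + n;
}

/* Hypothetical helper. Call it only when the declared eContentType is SignedData.
 * Copies in to out, prepending a SEQUENCE header when the content starts with the
 * bare version INTEGER. Returns bytes written, or 0 on bad input or lack of room. */
size_t restore_sequence_wrapper(const unsigned char *in, size_t in_len,
                                unsigned char *out, size_t out_cap)
{
    unsigned char hdr[2 + sizeof(size_t)]; /* tag, length prefix, length bytes */
    size_t hdr_len = 0;
    if (in == NULL || out == NULL || in_len == 0) return 0;
    if (in[0] == DER_INTEGER) {            /* wrapper missing: build one */
        hdr[0] = DER_SEQUENCE;
        hdr_len = 1 + der_put_length(hdr + 1, in_len);
    } else if (in[0] != DER_SEQUENCE) {    /* neither form: leave it to the caller */
        return 0;
    }
    if (in_len > out_cap || hdr_len > out_cap - in_len) return 0;
    memcpy(out, hdr, hdr_len);
    memcpy(out + hdr_len, in, in_len);
    return hdr_len + in_len;
}

int main(void)
{
    /* Constructed sample: version INTEGER 3 followed by an empty SET. */
    const unsigned char bare[] = { 0x02, 0x01, 0x03, 0x31, 0x00 };
    unsigned char out[16];
    size_t i, n = restore_sequence_wrapper(bare, sizeof bare, out, sizeof out);
    for (i = 0; i < n; i++) printf("%02x ", out[i]);
    printf("\n");
    return 0;
}
```

The first-byte test is a heuristic, so it belongs behind the declared content type check and the repaired buffer should still go through the normal strict decoder.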
Comment 2 • 13 years ago
FWIW, I can confirm that the patch works for me here.
Updated • 13 years ago (Assignee)
Attachment #556192 - Flags: review?(wtc)
Attachment #556192 - Flags: review?(emaldona)
Comment 3 • 13 years ago (Assignee)
Checking in pk11obj.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11obj.c,v <-- pk11obj.c
new revision: 1.23; previous revision: 1.22
done
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 4 • 13 years ago (Assignee)
Whoops, closed the wrong bug...
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Updated • 13 years ago (Assignee)
Status: REOPENED → ASSIGNED
Updated • 13 years ago (Reporter)
Attachment #556192 - Flags: review?(emaldona) → review+
Comment 5 • 13 years ago (Assignee)
Checking in cmsdecode.c;
/cvsroot/mozilla/security/nss/lib/smime/cmsdecode.c,v <-- cmsdecode.c
new revision: 1.14; previous revision: 1.13
done
Status: ASSIGNED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
Updated • 13 years ago
OS: Linux → All
Priority: -- → P1
Hardware: x86_64 → All
Target Milestone: --- → 3.13
Comment 6 • 12 years ago (Assignee)
Comment on attachment 556192
If we detect that the sequence wrapper is missing, add it back.

clearing review request.
Attachment #556192 - Flags: review?(wtc)