Open Bug 703103 Opened 14 years ago Updated 2 years ago

SEC_ASN1DecodeItem should fail on excess input data length

Categories

(NSS :: Libraries, defect, P5)

x86_64
Linux

Tracking

(Not tracked)

People

(Reporter: mattm, Unassigned)

Details

SEC_ASN1DecodeItem should fail with SEC_ERROR_EXTRA_INPUT if there is undecoded data remaining in the input buffer. The code has a disabled assert for this: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/secasn1d.c&rev=1.39&mark=2814-2827#2814 , but in theory any places that legitimately wanted to allow it could ignore that error result. Bug 352932 is an example of a specific instance of this problem.
Severity: normal → S3
Severity: S3 → S4
Priority: -- → P5
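The strict behaviour the report asks for, as an added example that is not NSS code and not from this bug: a standalone check that a buffer holds exactly one definite-length DER TLV and reports trailing bytes as a distinct result. The `der_result` codes and function names are hypothetical (`DER_EXTRA_INPUT` plays the role of `SEC_ERROR_EXTRA_INPUT`), and only single-byte tags are handled.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not NSS error codes). */
enum der_result { DER_OK, DER_TRUNCATED, DER_MALFORMED, DER_UNSUPPORTED, DER_EXTRA_INPUT };

/* Compute the encoded size (tag + length + content) of the first TLV in buf.
 * Single-byte tags and definite lengths only. */
static enum der_result der_tlv_size(const unsigned char *buf, size_t len,
                                    size_t *total)
{
    if (len < 2) return DER_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f) return DER_UNSUPPORTED; /* high-tag-number form */
    size_t hdr = 2, content = buf[1];
    if (buf[1] & 0x80) {                                 /* long-form length */
        size_t n = buf[1] & 0x7f;
        if (n == 0 || n > sizeof(size_t)) return DER_MALFORMED; /* indefinite or oversized */
        if (len < 2 + n) return DER_TRUNCATED;
        content = 0;
        for (size_t i = 0; i < n; i++) content = (content << 8) | buf[2 + i];
        /* DER requires the shortest possible length encoding. */
        if (buf[2] == 0 || (n == 1 && content < 0x80)) return DER_MALFORMED;
        hdr += n;
    }
    if (content > len - hdr) return DER_TRUNCATED;       /* avoids hdr + content overflow */
    *total = hdr + content;
    return DER_OK;
}

/* Strict check: the buffer must contain exactly one TLV and nothing after it. */
enum der_result der_check_exact(const unsigned char *buf, size_t len)
{
    size_t total;
    enum der_result r = der_tlv_size(buf, len, &total);
    if (r != DER_OK) return r;
    return total == len ? DER_OK : DER_EXTRA_INPUT;
}

int main(void)
{
    /* Constructed samples: INTEGER 5, then the same with two trailing bytes. */
    const unsigned char exact[] = { 0x02, 0x01, 0x05 };
    const unsigned char extra[] = { 0x02, 0x01, 0x05, 0xde, 0xad };
    printf("exact: %d\n", der_check_exact(exact, sizeof exact));
    printf("extra: %d\n", der_check_exact(extra, sizeof extra));
    return 0;
}
```

Because trailing data gets its own result code, a caller that legitimately allows it can treat `DER_EXTRA_INPUT` as non-fatal, while every other caller rejects the input by default.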