Closed Bug 982783 Opened 10 years ago Closed 10 years ago

wrong test results for OptionalVersionInvalid and OptionalVersionV1 tests in pkixder_tests.cpp

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1029364
Milestone:
mozilla33

People

(Reporter: st3fan, Assigned: briansmith)

References

Details

The der::OptionalVersion() function succesfully parses a Version field with a version number that is out of range. The only compatible version numbers that we support are v1 to v3.

I think der::OptionalVersion() should check the version number retrieved and then fail fast?
(In reply to Stefan Arentz [:st3fan] from comment #0)
> The der::OptionalVersion() function succesfully parses a Version field with
> a version number that is out of range. The only compatible version numbers
> that we support are v1 to v3.
> 
> I think der::OptionalVersion() should check the version number retrieved and
> then fail fast?

Technically a v4 or v5 certificate could be valid. In fact, I heard ITU or somebody is already working on x509 v5. So, the only out of range values are negative, which are checked for.

There IS a bug though: OptionalVersion should NOT except an explicit value of v1 (0x00) because that is the default value.
Summary: Test failure for insanity::pkixder OptionalVersionInvalid → wrong test results for OptionalVersionInvalid and OptionalVersionV1 tests in pkixder_tests.cpp
I accidentally a patch for this.
Assignee: sarentz → brian
No longer blocks: 998482
Stefan, please mark this as a dupe of bug 1029364 if you are happy with the results now. See also bug 1031022.
Depends on: 1029364, 1031022
Flags: needinfo?(sarentz)
Target Milestone: --- → mozilla33
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(sarentz)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.