mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1097622 - Return ERROR_INVALID_TIME when decoding invalid time values. r=dkeeler
parent
64a8ea21dd
commit
1d7d83f71b
@ -146,16 +146,17 @@ ErrorIsOverridable(PRErrorCode code)
|
||||
switch (code)
|
||||
{
|
||||
// Overridable errors.
|
||||
case SEC_ERROR_UNKNOWN_ISSUER:
|
||||
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
||||
case SSL_ERROR_BAD_CERT_DOMAIN:
|
||||
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
||||
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_CA_CERT_USED_AS_END_ENTITY:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_INADEQUATE_KEY_SIZE:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_V1_CERT_USED_AS_CA:
|
||||
case SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED:
|
||||
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
||||
case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
|
||||
case SEC_ERROR_INVALID_TIME:
|
||||
case SEC_ERROR_UNKNOWN_ISSUER:
|
||||
case SSL_ERROR_BAD_CERT_DOMAIN:
|
||||
return true;
|
||||
// Non-overridable errors.
|
||||
default:
|
||||
|
@ -313,6 +313,7 @@ MapCertErrorToProbeValue(PRErrorCode errorCode)
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE: return 14;
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_ISSUER_CERTIFICATE:
|
||||
return 15;
|
||||
case SEC_ERROR_INVALID_TIME: return 16;
|
||||
}
|
||||
NS_WARNING("Unknown certificate error code. Does MapCertErrorToProbeValue "
|
||||
"handle everything in DetermineCertOverrideErrors?");
|
||||
@ -368,6 +369,7 @@ DetermineCertOverrideErrors(CERTCertificate* cert, const char* hostName,
|
||||
break;
|
||||
}
|
||||
|
||||
case SEC_ERROR_INVALID_TIME:
|
||||
case SEC_ERROR_EXPIRED_CERTIFICATE:
|
||||
case mozilla::pkix::MOZILLA_PKIX_ERROR_NOT_YET_VALID_CERTIFICATE:
|
||||
collectedErrors = nsICertOverrideService::ERROR_TIME;
|
||||
|
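Review bot: Adding `SEC_ERROR_INVALID_TIME` to the overridable cases in ErrorIsOverridable, and folding it into `nsICertOverrideService::ERROR_TIME` in DetermineCertOverrideErrors, lets a user click through a certificate whose validity period could not be decoded as if it were an ordinary expiry problem. This looks like a deliberate preservation of earlier behaviour, since the CheckValidity change on this page shows decode failures used to return `ERROR_EXPIRED_CERTIFICATE`, but nothing in the new lines records that policy choice. I would add a comment at the new case in both places, e.g. `// Undecodable or inconsistent validity period; kept overridable to match the previous EXPIRED_CERTIFICATE handling.` All three functions in this file start and end outside the hunks shown.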
@ -37,21 +37,31 @@ CheckValidity(Input encodedValidity, Time time)
|
||||
Reader validity(encodedValidity);
|
||||
Time notBefore(Time::uninitialized);
|
||||
if (der::TimeChoice(validity, notBefore) != Success) {
|
||||
return Result::ERROR_EXPIRED_CERTIFICATE;
|
||||
}
|
||||
if (time < notBefore) {
|
||||
return Result::ERROR_NOT_YET_VALID_CERTIFICATE;
|
||||
return Result::ERROR_INVALID_DER_TIME;
|
||||
}
|
||||
|
||||
Time notAfter(Time::uninitialized);
|
||||
if (der::TimeChoice(validity, notAfter) != Success) {
|
||||
return Result::ERROR_EXPIRED_CERTIFICATE;
|
||||
return Result::ERROR_INVALID_DER_TIME;
|
||||
}
|
||||
|
||||
if (der::End(validity) != Success) {
|
||||
return Result::ERROR_INVALID_DER_TIME;
|
||||
}
|
||||
|
||||
if (notBefore > notAfter) {
|
||||
return Result::ERROR_INVALID_DER_TIME;
|
||||
}
|
||||
|
||||
if (time < notBefore) {
|
||||
return Result::ERROR_NOT_YET_VALID_CERTIFICATE;
|
||||
}
|
||||
|
||||
if (time > notAfter) {
|
||||
return Result::ERROR_EXPIRED_CERTIFICATE;
|
||||
}
|
||||
|
||||
return der::End(validity);
|
||||
return Success;
|
||||
}
|
||||
|
||||
// 4.1.2.7 Subject Public Key Info
|
||||
|
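Review bot: The new `if (der::End(validity) != Success)` branch discards der::End's own result and returns `Result::ERROR_INVALID_DER_TIME`, so trailing bytes after notAfter, a structural encoding error rather than a bad time value, are reported as a time error. The removed code returned der::End's result directly. If ERROR_INVALID_DER_TIME is what surfaces as the now-overridable SEC_ERROR_INVALID_TIME (that mapping is not visible on this page), the change widens what a user can override. Consider propagating the parser's result instead: `Result rv = der::End(validity);` followed by `if (rv != Success) { return rv; }`. If the collapse is intended, say so in a comment above the check; the opening of CheckValidity is visible only in the hunk header.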
@ -70,7 +70,7 @@ TEST_F(pkixcheck_CheckValidity, BothEmptyNull)
|
||||
0x17/*UTCTime*/, 0/*length*/,
|
||||
};
|
||||
static const Input validity(DER);
|
||||
ASSERT_EQ(Result::ERROR_EXPIRED_CERTIFICATE, CheckValidity(validity, NOW));
|
||||
ASSERT_EQ(Result::ERROR_INVALID_DER_TIME, CheckValidity(validity, NOW));
|
||||
}
|
||||
|
||||
TEST_F(pkixcheck_CheckValidity, NotBeforeEmptyNull)
|
||||
@ -80,7 +80,7 @@ TEST_F(pkixcheck_CheckValidity, NotBeforeEmptyNull)
|
||||
NEWER_UTCTIME
|
||||
};
|
||||
static const Input validity(DER);
|
||||
ASSERT_EQ(Result::ERROR_EXPIRED_CERTIFICATE, CheckValidity(validity, NOW));
|
||||
ASSERT_EQ(Result::ERROR_INVALID_DER_TIME, CheckValidity(validity, NOW));
|
||||
}
|
||||
|
||||
TEST_F(pkixcheck_CheckValidity, NotAfterEmptyNull)
|
||||
@ -90,8 +90,7 @@ TEST_F(pkixcheck_CheckValidity, NotAfterEmptyNull)
|
||||
0x17/*UTCTime*/, 0x00/*length*/,
|
||||
};
|
||||
static const Input validity(DER);
|
||||
ASSERT_EQ(Result::ERROR_NOT_YET_VALID_CERTIFICATE,
|
||||
CheckValidity(validity, NOW));
|
||||
ASSERT_EQ(Result::ERROR_INVALID_DER_TIME, CheckValidity(validity, NOW));
|
||||
}
|
||||
|
||||
static const uint8_t OLDER_UTCTIME_NEWER_UTCTIME_DATA[] = {
|
||||
@ -155,6 +154,5 @@ TEST_F(pkixcheck_CheckValidity, InvalidNotAfterBeforeNotBefore)
|
||||
OLDER_UTCTIME,
|
||||
};
|
||||
static const Input validity(DER);
|
||||
ASSERT_EQ(Result::ERROR_NOT_YET_VALID_CERTIFICATE,
|
||||
CheckValidity(validity, NOW));
|
||||
ASSERT_EQ(Result::ERROR_INVALID_DER_TIME, CheckValidity(validity, NOW));
|
||||
}
|
||||
|
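Review bot: None of the tests touched here exercises the new `der::End(validity)` path in CheckValidity, i.e. a Validity value that holds two well-formed times followed by extra data. The updated cases cover empty time values and notAfter earlier than notBefore, so the result for trailing bytes is not pinned unless a test outside these hunks already does so. A case along the lines below would fix that; the expected result shown is what the committed code returns and should be adjusted if the der::End result is propagated instead.

```cpp
TEST_F(pkixcheck_CheckValidity, TrailingDataAfterNotAfter)
{
  static const uint8_t DER[] = {
    OLDER_UTCTIME,
    NEWER_UTCTIME,
    0x05/*NULL*/, 0x00/*length*/, // constructed sample: unexpected extra element
  };
  static const Input validity(DER);
  ASSERT_EQ(Result::ERROR_INVALID_DER_TIME, CheckValidity(validity, NOW));
}
```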