bug 1368652 - test that viewing a certificate with a long OID doesn't crash the browser r=Cykesiopka
authorDavid Keeler <dkeeler@mozilla.com>
Fri, 15 Sep 2017 14:18:27 -0700
changeset 666431 01992997c2bb93f53606b30c34aeb3383d488b7a
parent 666430 be3a7857a1e7fefdd757d54cff99e6eefb9c7294
child 666432 2c1e11c618240f3a110efaf8c41dc05b1ffc9384
push id80410
push userbmo:ttromey@mozilla.com
push dateMon, 18 Sep 2017 19:18:46 +0000
reviewersCykesiopka
bugs1368652
milestone57.0a1
bug 1368652 - test that viewing a certificate with a long OID doesn't crash the browser r=Cykesiopka MozReview-Commit-ID: JhUvDEJJvJy
security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
security/manager/ssl/tests/mochitest/browser/longOID.pem
security/manager/ssl/tests/mochitest/browser/longOID.pem.certspec
security/manager/ssl/tests/mochitest/browser/moz.build
--- a/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
+++ b/security/manager/ssl/tests/mochitest/browser/browser_certViewer.js
@@ -120,16 +120,24 @@ add_task(async function testInvalid() {
   // shouldn't be valid for any usage. Sadly, we give a pretty lame error
   // message in this case.
   let cert = await readCertificate("invalid.pem", ",,");
   let win = await displayCertificate(cert);
   checkError(win, "Could not verify this certificate for unknown reasons.");
   await BrowserTestUtils.closeWindow(win);
 });
 
+add_task(async function testLongOID() {
+  // This certificate has a certificatePolicies extension with a policy with a
+  // very long OID. This tests that we don't crash when looking at it.
+  let cert = await readCertificate("longOID.pem", ",,");
+  let win = await displayCertificate(cert);
+  await BrowserTestUtils.closeWindow(win);
+});
+
 /**
  * Given a certificate, returns a promise that will resolve when the certificate
  * viewer has opened is displaying that certificate, and has finished
  * determining its valid usages.
  *
  * @param {nsIX509Cert} certificate
  *        The certificate to view and determine usages for.
  * @return {Promise}
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/longOID.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIERjCCAzCgAwIBAgIUPdBbFnnDZhRHoZlkalhEuL6ztZowCwYJKoZIhvcNAQEL
+MBMxETAPBgNVBAMMCExvbmcgT0lEMCIYDzIwMTUxMTI4MDAwMDAwWhgPMjAxODAy
+MDUwMDAwMDBaMBMxETAPBgNVBAMMCExvbmcgT0lEMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuohRqESOFtZB/W62iAY2ED08E9nq5DVKtOz1aFdsJHvB
+xyWo4NgfvbGcBptuGobya+KvWnVramRxCHqlWqdFh/cc1SScAn7NQ/weadA4ICmT
+qyDDSeTbuUzCa2wO7RWCD/F+rWkasdMCOosqQe6ncOAPDY39ZgsrsCSSpH25iGF5
+kLFXkD3SO8XguEgfqDfTiEPvJxbYVbdmWqp+ApAvOnsQgAYkzBxsl62WYVu34pYS
+wHUxowyR3bTK9/ytHSXTCe+5Fw6naOGzey8ib2njtIqVYR3uJtYlnauRCE42yxwk
+BCy/Fosv5fGPmRcxuLP+SSP6clHEMdUDrNoYCjXtjQIDAQABo4IBkDCCAYwwDAYD
+VR0TBAUwAwEB/zCCAXoGA1UdIASCAXEwggFtMIIBaQaCAWUqg9zrk3+D3OuTf4Pc
+65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/
+g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zr
+k3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D
+3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuT
+f4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc
+65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/
+g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zrk3+D3OuTf4Pc65N/g9zr
+k3+D3OuTfwEwCwYJKoZIhvcNAQELA4IBAQC1At5opoKPU/U4VAkqdbuvHDuBhsdx
+Qy8VoWUwQ2JFQqxxwThgyTXwgDe74fPlFNVfmqF5lBUdrguOnFYniC9erylqi86i
+ZZPRNHGaGV2kkAp7Vdj6+iJneQ3ruRvnDxmmeg2iwlIgF/LMyjt/KpK86lPsMowr
+XUCwpp0MhkFLwjDD+utssB6kxdEzEle9wvF/bzqEHhE0iTY9kyr9h24PTNVlFDmc
+UTmOvcZtusZuMlBWopDM8XBENnLiwWPiLzbhQ/wvVbzwLFbct7UPh5d7ITHhCX36
+4SJD3t2CEe1u6x7hvWRlZOsZhk+q4pPSG4N4S0nBk7ugrmTJ9zG8pGla
+-----END CERTIFICATE-----
\ No newline at end of file
new file mode 100644
--- /dev/null
+++ b/security/manager/ssl/tests/mochitest/browser/longOID.pem.certspec
@@ -0,0 +1,4 @@
+issuer:Long OID
+subject:Long OID
+extension:basicConstraints:cA,
+extension:certificatePolicies:1.2.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.999999999.1
--- a/security/manager/ssl/tests/mochitest/browser/moz.build
+++ b/security/manager/ssl/tests/mochitest/browser/moz.build
@@ -19,16 +19,17 @@ BROWSER_CHROME_MANIFESTS += ['browser.in
 #    'email-ee.pem',
 #    'expired-ca.pem',
 #    'has-cn.pem',
 #    'has-empty-subject.pem',
 #    'has-non-empty-subject.pem',
 #    'has-o.pem',
 #    'has-ou.pem',
 #    'invalid.pem',
+#    'longOID.pem',
 #    'md5-ee.pem',
 #    'revoked.pem',
 #    'ssl-ee.pem',
 #    'unknown-issuer.pem',
 #    'untrusted-ca.pem',
 #)
 #
 #for test_certificate in test_certificates: