bug 1047494 - refactor tautological size check in mozilla::pkix::VerifySignedData r=briansmith
authorDavid Keeler <dkeeler@mozilla.com>
Fri, 08 Aug 2014 11:28:44 -0700
changeset 14643 37e60712078a5ef499dca27cc9377eeb199fc51c
parent 14642 d641b9be5414ca0cd4387bc516b8f0cfd848e336
child 14644 75a4cfe83b66d47bd2f9f9d8a55a55364f1718c0
push id3202
push userfranziskuskiefer@gmail.com
push dateMon, 01 Oct 2018 08:30:12 +0000
reviewersbriansmith
bugs1047494
bug 1047494 - refactor tautological size check in mozilla::pkix::VerifySignedData r=briansmith
lib/mozpkix/lib/pkixnss.cpp
--- a/lib/mozpkix/lib/pkixnss.cpp
+++ b/lib/mozpkix/lib/pkixnss.cpp
@@ -87,22 +87,16 @@ CheckPublicKey(Input subjectPublicKeyInf
   ScopedSECKeyPublicKey unused;
   return CheckPublicKeySize(subjectPublicKeyInfo, unused);
 }
 
 Result
 VerifySignedData(const SignedDataWithSignature& sd,
                  Input subjectPublicKeyInfo, void* pkcs11PinArg)
 {
-  // See bug 921585.
-  if (sd.data.GetLength() >
-        static_cast<unsigned int>(std::numeric_limits<int>::max())) {
-    return Result::FATAL_ERROR_INVALID_ARGS;
-  }
-
   SECOidTag pubKeyAlg;
   SECOidTag digestAlg;
   switch (sd.algorithm) {
     case SignatureAlgorithm::ecdsa_with_sha512:
       pubKeyAlg = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
       digestAlg = SEC_OID_SHA512;
       break;
     case SignatureAlgorithm::ecdsa_with_sha384:
@@ -148,18 +142,22 @@ VerifySignedData(const SignedDataWithSig
 
   Result rv;
   ScopedSECKeyPublicKey pubKey;
   rv = CheckPublicKeySize(subjectPublicKeyInfo, pubKey);
   if (rv != Success) {
     return rv;
   }
 
-  // The static_cast is safe according to the check above that references
-  // bug 921585.
+  // The static_cast is safe as long as the length of the data in sd.data can
+  // fit in an int. Right now that length is stored as a uint16_t, so this
+  // works. In the future this may change, hence the assertion.
+  // See also bug 921585.
+  static_assert(sizeof(decltype(sd.data.GetLength())) < sizeof(int),
+                "sd.data.GetLength() must fit in an int");
   SECItem dataSECItem(UnsafeMapInputToSECItem(sd.data));
   SECItem signatureSECItem(UnsafeMapInputToSECItem(sd.signature));
   SECStatus srv = VFY_VerifyDataDirect(dataSECItem.data,
                                        static_cast<int>(dataSECItem.len),
                                        pubKey.get(), &signatureSECItem,
                                        pubKeyAlg, digestAlg, nullptr,
                                        pkcs11PinArg);
   if (srv != SECSuccess) {
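Review bot: The `static_assert` added before the `SECItem` mapping compares byte widths, but the property the `static_cast<int>` at the `VFY_VerifyDataDirect` call actually relies on is a value range: every value the length type can hold must be representable as `int`. Expressing it as a range check documents that requirement directly and does not reject a future same-width type whose values would still fit, e.g. `static_assert(std::numeric_limits<decltype(sd.data.GetLength())>::max() <= static_cast<unsigned long long>(std::numeric_limits<int>::max()), "sd.data.GetLength() must fit in an int");`. The removed block in the first hunk was the only visible user of `std::numeric_limits`, so `<limits>` is presumably already included; if the byte-size form is kept instead, a later cleanup could drop that include, which is worth confirming. The body of VerifySignedData begins in the first hunk and continues past the end of this one.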