Bug 629816: Add a comment to explain the max oid length of 9. r=rrelyea.
authorWan-Teh Chang <wtc@google.com>
Thu, 14 Mar 2013 12:41:59 -0700
changeset 10695 7d875a0678dffd5b52221530ade93638b8ecb940
parent 10694 c2f317d49d315d755ff0bd98b2542f5785da25ec
child 10696 dd1ce24a81c5f938c89e557170019ab41263322a
push id8
push userwtc@google.com
push dateThu, 14 Mar 2013 19:42:23 +0000
reviewersrrelyea
bugs629816
Bug 629816: Add a comment to explain the max oid length of 9. r=rrelyea.
lib/pkcs7/certread.c
--- a/lib/pkcs7/certread.c
+++ b/lib/pkcs7/certread.c
@@ -163,16 +163,17 @@ CERT_DecodeCertPackage(char *certbuf,
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return(SECFailure);
     }
     /*
      * Make sure certlen is long enough to handle the longest possible
      * reference in the code below:
      * 0x30 0x84 l1 l2 l3 l4  +
      *                       tag 9 o1 o2 o3 o4 o5 o6 o7 o8 o9
+     * where 9 is the longest length of the expected oids we are testing.
      *   6 + 11 = 17. 17 bytes is clearly too small to code any kind of
      *  certificate (a 128 bit ECC certificate contains at least an 8 byte
      * key and a 16 byte signature, plus coding overhead). Typically a cert
      * is much larger. So it's safe to require certlen to be at least 17
      * bytes.
      */
     if (certlen < 17) {
 	PORT_SetError(SEC_ERROR_INPUT_LEN);
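Review bot: The literal in `if (certlen < 17)` is still tied to the longest expected OID only through this comment, and the added sentence does not say what to do when the set of OIDs changes. The comment describes this check as what makes the later header and OID reads safe, so I would extend the new line to read `* where 9 is the longest length of the expected oids we are testing; raise the minimum below if a longer oid is added to the switch on oiddata->offset.` The body of CERT_DecodeCertPackage starts and ends outside this hunk, so the reads that the bound protects are not visible here.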
@@ -253,19 +254,21 @@ CERT_DecodeCertPackage(char *certbuf,
 		return(SECFailure);
 	    }
 
 	    certitem.data = (unsigned char*)certbuf;
 	    certitem.len = certlen;
 	    
 	    switch ( oiddata->offset ) {
 	      case SEC_OID_PKCS7_SIGNED_DATA:
+		/* oid: 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 */
 		return(SEC_ReadPKCS7Certs(&certitem, f, arg));
 		break;
 	      case SEC_OID_NS_TYPE_CERT_SEQUENCE:
+		/* oid: 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x02, 0x05 */
 		return(SEC_ReadCertSequence(&certitem, f, arg));
 		break;
 	      default:
 		break;
 	    }
 	    
 	} else {
 	    /* it had better be a certificate by now!! */
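Review bot: The two added `/* oid: ... */` comments list the encoded bytes but leave out the property the minimum-length check depends on, which is that each OID is 9 bytes long. Stating it, for example `/* oid (9 bytes, the longest the certlen check assumes): 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02 */`, would prompt anyone adding a new case to compare its length against that bound. The byte values are written by hand and cannot be checked from the visible lines, so it is worth confirming that they match the table entries behind SEC_OID_PKCS7_SIGNED_DATA and SEC_OID_NS_TYPE_CERT_SEQUENCE. The switch sits inside a function body that continues outside the hunk.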