Bug 1411458 - Confirm we actually have a PKCS#7 signedData content info. r=jcj
☠☠ backed out by 15663d3f8728 ☠ ☠
authorDavid Keeler <dkeeler@mozilla.com>
Wed, 25 Oct 2017 09:54:13 -0700
changeset 430890 c2bdce9b76f2135fd100f073b6ccaf8bb9a69fed
parent 430889 c2cecb6d6f9bb85f258a66cf8e94c1860adde7e5
child 430891 f1cf84a50ebc368ad4e2088957cbda008a74520d
push id108
push userfmarier@mozilla.com
push dateFri, 03 Nov 2017 18:37:44 +0000
reviewersjcj
bugs1411458
milestone58.0a1
Bug 1411458 - Confirm we actually have a PKCS#7 signedData content info. r=jcj MozReview-Commit-ID: GKfL1C0EPWt
security/manager/ssl/nsDataSignatureVerifier.cpp
--- a/security/manager/ssl/nsDataSignatureVerifier.cpp
+++ b/security/manager/ssl/nsDataSignatureVerifier.cpp
@@ -165,16 +165,22 @@ VerifyCMSDetachedSignatureIncludingCerti
     return NS_ERROR_CMS_VERIFY_NOT_SIGNED;
   }
 
   NSSCMSContentInfo* cinfo = NSS_CMSMessage_ContentLevel(cmsMsg.get(), 0);
   if (!cinfo) {
     return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
   }
 
+  // We're expecting this to be a PKCS#7 signedData content info.
+  if (NSS_CMSContentInfo_GetContentTypeTag(cinfo)
+        != SEC_OID_PKCS7_SIGNED_DATA) {
+    return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
+  }
+
   // signedData is non-owning
   NSSCMSSignedData* signedData =
     static_cast<NSSCMSSignedData*>(NSS_CMSContentInfo_GetContent(cinfo));
   if (!signedData) {
     return NS_ERROR_CMS_VERIFY_NO_CONTENT_INFO;
   }
 
   // Set digest value.