Bug 1018064: Replace mozilla::pkix::der::Input::Match with mozilla::p…

…kix::der::Input::MatchRest, r=mmc --HG-- extra : rebase_source : 5c5b14cf23b1e40854d241cbc482de40b01ac494
sailfishos-mirror · May 30, 2014 · 121b216 · 121b216
1 parent 00a5bea
commit 121b216
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 29 deletions.
diff --git a/lib/mozpkix/lib/pkixcheck.cpp b/lib/mozpkix/lib/pkixcheck.cpp
@@ -427,25 +427,25 @@ MatchEKU(der::Input& value, KeyPurposeId requiredEKU,
         // Comodo has issued certificates that require this behavior that don't
         // expire until June 2020! TODO(bug 982932): Limit this exception to
         // old certificates.
-        match = value.MatchBytes(server) ||
+        match = value.MatchRest(server) ||
                 (endEntityOrCA == EndEntityOrCA::MustBeCA &&
-                 value.MatchBytes(serverStepUp));
+                 value.MatchRest(serverStepUp));
         break;
 
       case KeyPurposeId::id_kp_clientAuth:
-        match = value.MatchBytes(client);
+        match = value.MatchRest(client);
         break;
 
       case KeyPurposeId::id_kp_codeSigning:
-        match = value.MatchBytes(code);
+        match = value.MatchRest(code);
         break;
 
       case KeyPurposeId::id_kp_emailProtection:
-        match = value.MatchBytes(email);
+        match = value.MatchRest(email);
         break;
 
       case KeyPurposeId::id_kp_OCSPSigning:
-        match = value.MatchBytes(ocsp);
+        match = value.MatchRest(ocsp);
         break;
 
       case KeyPurposeId::anyExtendedKeyUsage:
@@ -459,13 +459,11 @@ MatchEKU(der::Input& value, KeyPurposeId requiredEKU,
   }
 
   if (match) {
-    if (value.AtEnd()) {
-      found = true;
-      if (requiredEKU == KeyPurposeId::id_kp_OCSPSigning) {
-        foundOCSPSigning = true;
-      }
+    found = true;
+    if (requiredEKU == KeyPurposeId::id_kp_OCSPSigning) {
+      foundOCSPSigning = true;
     }
-  } else if (value.MatchBytes(ocsp) && value.AtEnd()) {
+  } else if (value.MatchRest(ocsp)) {
     foundOCSPSigning = true;
   }
 

diff --git a/lib/mozpkix/lib/pkixder.h b/lib/mozpkix/lib/pkixder.h
@@ -151,9 +151,12 @@ class Input
   }
 
   template <uint16_t N>
-  bool MatchBytes(const uint8_t (&toMatch)[N])
+  bool MatchRest(const uint8_t (&toMatch)[N])
   {
-    if (EnsureLength(N) != Success) {
+    // Normally we use EnsureLength which compares (input + len < end), but
+    // here we want to be sure that there is nothing following the matched
+    // bytes
+    if (static_cast<size_t>(end - input) != N) {
       return false;
     }
     if (memcmp(input, toMatch, N)) {

diff --git a/lib/mozpkix/test/gtest/pkixder_input_tests.cpp b/lib/mozpkix/test/gtest/pkixder_input_tests.cpp
@@ -655,56 +655,52 @@ TEST_F(pkixder_input_tests, NestedOfWithTruncatedData)
   ASSERT_EQ((size_t) 0, readValues.size());
 }
 
-TEST_F(pkixder_input_tests, MatchBytesAtEnd)
+TEST_F(pkixder_input_tests, MatchRestAtEnd)
 {
   Input input;
   static const uint8_t der[1] = { };
   ASSERT_EQ(Success, input.Init(der, 0));
   ASSERT_TRUE(input.AtEnd());
   static const uint8_t toMatch[] = { 1 };
-  ASSERT_FALSE(input.MatchBytes(toMatch));
+  ASSERT_FALSE(input.MatchRest(toMatch));
 }
 
-TEST_F(pkixder_input_tests, MatchBytes1Match)
+TEST_F(pkixder_input_tests, MatchRest1Match)
 {
   Input input;
   static const uint8_t der[] = { 1 };
   ASSERT_EQ(Success, input.Init(der, sizeof der));
   ASSERT_FALSE(input.AtEnd());
-  ASSERT_TRUE(input.MatchBytes(der));
-  ASSERT_TRUE(input.AtEnd());
+  ASSERT_TRUE(input.MatchRest(der));
 }
 
-TEST_F(pkixder_input_tests, MatchBytes1Mismatch)
+TEST_F(pkixder_input_tests, MatchRest1Mismatch)
 {
   Input input;
   static const uint8_t der[] = { 1 };
   ASSERT_EQ(Success, input.Init(der, sizeof der));
   static const uint8_t toMatch[] = { 2 };
-  ASSERT_FALSE(input.MatchBytes(toMatch));
+  ASSERT_FALSE(input.MatchRest(toMatch));
   ASSERT_FALSE(input.AtEnd());
 }
 
-TEST_F(pkixder_input_tests, MatchBytes2Match)
+TEST_F(pkixder_input_tests, MatchRest2WithTrailingByte)
 {
   Input input;
   static const uint8_t der[] = { 1, 2, 3 };
   ASSERT_EQ(Success, input.Init(der, sizeof der));
   static const uint8_t toMatch[] = { 1, 2 };
-  ASSERT_TRUE(input.MatchBytes(toMatch));
-  uint8_t followingByte;
-  ASSERT_EQ(Success, input.Read(followingByte));
-  ASSERT_EQ(3, followingByte);
+  ASSERT_FALSE(input.MatchRest(toMatch));
 }
 
-TEST_F(pkixder_input_tests, MatchBytes2Mismatch)
+TEST_F(pkixder_input_tests, MatchRest2Mismatch)
 {
   Input input;
   static const uint8_t der[] = { 1, 2, 3 };
   ASSERT_EQ(Success, input.Init(der, sizeof der));
   static const uint8_t toMatchMismatch[] = { 1, 3 };
-  ASSERT_FALSE(input.MatchBytes(toMatchMismatch));
-  ASSERT_TRUE(input.MatchBytes(der));
+  ASSERT_FALSE(input.MatchRest(toMatchMismatch));
+  ASSERT_TRUE(input.MatchRest(der));
 }
 
 } // unnamed namespace