From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../gtests/certdb_gtest/decode_certs_unittest.cc   | 41 ++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 security/nss/gtests/certdb_gtest/decode_certs_unittest.cc

(limited to 'security/nss/gtests/certdb_gtest/decode_certs_unittest.cc')

diff --git a/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc
new file mode 100644
index 0000000000..3317ae8eed
--- /dev/null
+++ b/security/nss/gtests/certdb_gtest/decode_certs_unittest.cc
@@ -0,0 +1,41 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "gtest/gtest.h"
+
+#include "cert.h"
+#include "prerror.h"
+#include "secerr.h"
+
+class DecodeCertsTest : public ::testing::Test {};
+
+TEST_F(DecodeCertsTest, EmptyCertPackage) {
+  // This represents a PKCS#7 ContentInfo with a contentType of
+  // '2.16.840.1.113730.2.5' (Netscape data-type cert-sequence) and a content
+  // consisting of an empty SEQUENCE. This is valid ASN.1, but it contains no
+  // certificates, so CERT_DecodeCertFromPackage should just return a null
+  // pointer.
+  unsigned char emptyCertPackage[] = {0x30, 0x0f, 0x06, 0x09, 0x60, 0x86,
+                                      0x48, 0x01, 0x86, 0xf8, 0x42, 0x02,
+                                      0x05, 0xa0, 0x02, 0x30, 0x00};
+  EXPECT_EQ(nullptr, CERT_DecodeCertFromPackage(
+                         reinterpret_cast<char*>(emptyCertPackage),
+                         sizeof(emptyCertPackage)));
+  EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
+
+TEST_F(DecodeCertsTest, EmptySignedData) {
+  // This represents a PKCS#7 ContentInfo of contentType
+  // 1.2.840.113549.1.7.2 (signedData) with missing content.
+  unsigned char emptySignedData[] = {0x30, 0x80, 0x06, 0x09, 0x2a, 0x86,
+                                     0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07,
+                                     0x02, 0x00, 0x00, 0x05, 0x00};
+
+  EXPECT_EQ(nullptr,
+            CERT_DecodeCertFromPackage(reinterpret_cast<char*>(emptySignedData),
+                                       sizeof(emptySignedData)));
+  EXPECT_EQ(SEC_ERROR_BAD_DER, PR_GetError());
+}
-- 
cgit v1.2.3