From 8c4f3cc754fa3ddb1c9fe8215dc2bf5d3d329503 Mon Sep 17 00:00:00 2001
From: David Keeler <dkeeler@mozilla.com>
Date: Mon, 31 Mar 2014 13:24:16 -0700
Subject: [PATCH] bug 987295 - mozilla::pkix: fix decoding OCSP response
 extensions r=cviecco

---
 security/pkix/lib/pkixocsp.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/security/pkix/lib/pkixocsp.cpp b/security/pkix/lib/pkixocsp.cpp
index 8e51f01d9869a..f78856fa7f5bc 100644
--- a/security/pkix/lib/pkixocsp.cpp
+++ b/security/pkix/lib/pkixocsp.cpp
@@ -586,7 +586,8 @@ ResponseData(der::Input& input, Context& context,
   }
 
   if (!input.AtEnd()) {
-    if (CheckExtensionsForCriticality(input) != der::Success) {
+    if (der::Nested(input, der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 1,
+                    CheckExtensionsForCriticality) != der::Success) {
       return der::Failure;
     }
   }
@@ -708,9 +709,9 @@ SingleResponse(der::Input& input, Context& context)
     return der::Fail(SEC_ERROR_OCSP_OLD_RESPONSE);
   }
 
-
   if (!input.AtEnd()) {
-    if (CheckExtensionsForCriticality(input) != der::Success) {
+    if (der::Nested(input, der::CONTEXT_SPECIFIC | der::CONSTRUCTED | 1,
+                    CheckExtensionsForCriticality) != der::Success) {
       return der::Failure;
     }
   }
@@ -860,7 +861,7 @@ CheckExtensionForCriticality(der::Input& input)
 static der::Result
 CheckExtensionsForCriticality(der::Input& input)
 {
-  return der::NestedOf(input, der::SEQUENCE | 1, der::SEQUENCE,
+  return der::NestedOf(input, der::SEQUENCE, der::SEQUENCE,
                        der::MustNotBeEmpty, CheckExtensionForCriticality);
 }
 
-- 
GitLab