E.g. if someone sends crap to scep_certrep it replies that it cannot read the transactionID. First, it should check if it is really getting a valid PKCS7 structure before trying to evaluate attributes.
It already kind of does, doesn't it? We use d2i_PKCS7 so the message must be readable as a PKCS#7. Then we check for the correct types and presence of parameters. Do you think we need more here?
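The check ordering discussed in this thread, as an added example that is not the project's code: classify the input as a PKCS#7 signedData envelope first, so garbage yields a "not PKCS#7" result instead of a transactionID error. `read_tlv`, `check_envelope` and the result strings are hypothetical names, and the sketch assumes definite-length DER only (BER indefinite lengths are rejected).

```python
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2

class DerError(ValueError):
    """Raised when the bytes cannot be one well-formed DER element."""

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise DerError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if tag & 0x1F == 0x1F:
        raise DerError("multi-byte tag not expected in a ContentInfo header")
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise DerError("indefinite, oversized or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise DerError("value overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def check_envelope(data):
    """Classify input before any attribute such as transactionID is read."""
    try:
        tag, body, end = read_tlv(data)            # ContentInfo ::= SEQUENCE
        if tag != 0x30 or end != len(data):
            return "not-pkcs7"
        tag, oid, pos = read_tlv(body)             # contentType OID
        if tag != 0x06:
            return "not-pkcs7"
        if oid != SIGNED_DATA_OID:
            return "wrong-content-type"
        tag, content, end = read_tlv(body, pos)    # [0] EXPLICIT content
        if tag != 0xA0 or end != len(body):
            return "not-pkcs7"
        tag, _, end = read_tlv(content)            # SignedData ::= SEQUENCE
        if tag != 0x30 or end != len(content):
            return "not-pkcs7"
    except DerError:
        return "not-pkcs7"
    return "ok"  # only now is it meaningful to look for signed attributes

# Constructed sample inputs (skeleton envelopes, not real SCEP messages).
GOOD = bytes.fromhex("300f06092a864886f70d010702a0023000")
WRONG_TYPE = bytes.fromhex("300f06092a864886f70d010701a0023000")
```

A caller would map "not-pkcs7" and "wrong-content-type" to their own error codes and report a missing transactionID only after `check_envelope` returns "ok".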