Add bounds check in PKCS7 streaming indefinite-length end-of-content parsing

[anhu]

Fixes ZD 21399 Finding #1

[anhu]

Jenkins retest this please.

[dgarske]

Clang-tidy: unchecked XFSEEK return values in test_pkcs7.c lines 4878 and 4880 — the PR adds calls like XFSEEK(f, 0, XSEEK_END); and XFSEEK(f, 0, XSEEK_SET); without using the return value, triggering bugprone-unused-return-value. This failed 3 of 4 clang-tidy configurations (PRB-multi-test-script #9983).

Fix: capture and check the return value, e.g.:

if (XFSEEK(f, 0, XSEEK_END) != 0) { /* handle error */ }

[jeremylaratro]

Hi! I submitted the initial ticket. Would using something like “ ExpectIntEQ” work?
Ex.

    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
    if (f != XBADFILE) {
        ExpectIntEQ(XFSEEK(f, 0, XSEEK_END), 0);
        ExpectIntGT(derSz = (word32)XFTELL(f), 0);
        ExpectIntEQ(XFSEEK(f, 0, XSEEK_SET), 0);
        ExpectNotNull(der = (byte*)XMALLOC(derSz, HEAP_HINT,
                                           DYNAMIC_TYPE_TMP_BUFFER));
        if (der != NULL) {
            ExpectIntEQ((int)XFREAD(der, 1, derSz, f), (int)derSz);
        }
        XFCLOSE(f);
    }

[anhu]

Hi! I submitted the initial ticket. Would using something like “ ExpectIntEQ” work? Ex.

Yes, I believe so. Sorry it has taken so long for me to reply. Its been a busy weekend. :)

[jeremylaratro]

Hi! I submitted the initial ticket. Would using something like “ ExpectIntEQ” work? Ex.

Yes, I believe so. Sorry it has taken so long for me to reply. Its been a busy weekend. :)

No worries at all. You've been very fast to reply, take as much time as you need, happy to help!

[dgarske]

Jenkins retest this please. @anhu Guessing the new file is not in an include.am which is why the make distcheck is failing.

[anhu]

All checks passed. Good to go.

[anhu]

All tests passed. Ready for merge.

resolved