Apply better input checking discipline.

author: wolfbeast <mcwerewolf@wolfbeast.com> 2019-07-17 01:15:00 +0200
committer: wolfbeast <mcwerewolf@wolfbeast.com> 2019-07-17 01:15:00 +0200
commit: ef189737a3a97bbdeb06825c06121697f62ed50b (patch)
tree: 5f4f91c5bb32b0365485bd79cda33c576f821b9e /security/nss/lib/cryptohi
parent: ca0083022fad1f9fb2a7b1d4b94f32402026e3e6 (diff)
download: UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.gz
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.lz
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.xz
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c
index 080909772..173096050 100644
--- a/security/nss/lib/cryptohi/seckey.c
+++ b/security/nss/lib/cryptohi/seckey.c
@@ -639,6 +639,11 @@ seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
                     return pubk;
                 break;
             case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+                /* A basic sanity check on inputs. */
+                if (spki->algorithm.parameters.len == 0 || newOs.len == 0) {
+                    PORT_SetError(SEC_ERROR_INPUT_LEN);
+                    break;
+                }
                 pubk->keyType = ecKey;
                 pubk->u.ec.size = 0;
author	wolfbeast <mcwerewolf@wolfbeast.com>	2019-07-17 01:15:00 +0200
committer	wolfbeast <mcwerewolf@wolfbeast.com>	2019-07-17 01:15:00 +0200
commit	ef189737a3a97bbdeb06825c06121697f62ed50b (patch)
tree	5f4f91c5bb32b0365485bd79cda33c576f821b9e /security/nss/lib/cryptohi
parent	ca0083022fad1f9fb2a7b1d4b94f32402026e3e6 (diff)
download	UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.gz UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.lz UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.xz UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.zip