summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/freebl
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-07-17 01:15:00 +0200
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-07-17 01:15:00 +0200
commitef189737a3a97bbdeb06825c06121697f62ed50b (patch)
tree5f4f91c5bb32b0365485bd79cda33c576f821b9e /security/nss/lib/freebl
parentca0083022fad1f9fb2a7b1d4b94f32402026e3e6 (diff)
downloadUXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.gz
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.lz
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.tar.xz
UXP-ef189737a3a97bbdeb06825c06121697f62ed50b.zip
Apply better input checking discipline.
Diffstat (limited to 'security/nss/lib/freebl')
-rw-r--r--security/nss/lib/freebl/dh.c3
-rw-r--r--security/nss/lib/freebl/ec.c14
2 files changed, 10 insertions, 7 deletions
diff --git a/security/nss/lib/freebl/dh.c b/security/nss/lib/freebl/dh.c
index 6f2bafda2..b2d6d7430 100644
--- a/security/nss/lib/freebl/dh.c
+++ b/security/nss/lib/freebl/dh.c
@@ -210,7 +210,8 @@ DH_Derive(SECItem *publicValue,
unsigned int len = 0;
unsigned int nb;
unsigned char *secret = NULL;
- if (!publicValue || !prime || !privateValue || !derivedSecret) {
+ if (!publicValue || !publicValue->len || !prime || !prime->len ||
+ !privateValue || !privateValue->len || !derivedSecret) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
diff --git a/security/nss/lib/freebl/ec.c b/security/nss/lib/freebl/ec.c
index 6468a10d6..ddbcc2340 100644
--- a/security/nss/lib/freebl/ec.c
+++ b/security/nss/lib/freebl/ec.c
@@ -202,8 +202,8 @@ ec_NewKey(ECParams *ecParams, ECPrivateKey **privKey,
#endif
MP_DIGITS(&k) = 0;
- if (!ecParams || !privKey || !privKeyBytes || (privKeyLen < 0) ||
- !ecParams->name) {
+ if (!ecParams || ecParams->name == ECCurve_noName ||
+ !privKey || !privKeyBytes || privKeyLen <= 0) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -391,7 +391,7 @@ EC_NewKey(ECParams *ecParams, ECPrivateKey **privKey)
int len;
unsigned char *privKeyBytes = NULL;
- if (!ecParams) {
+ if (!ecParams || ecParams->name == ECCurve_noName || !privKey) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -430,7 +430,8 @@ EC_ValidatePublicKey(ECParams *ecParams, SECItem *publicValue)
mp_err err = MP_OKAY;
int len;
- if (!ecParams || !publicValue || !ecParams->name) {
+ if (!ecParams || ecParams->name == ECCurve_noName ||
+ !publicValue || !publicValue->len) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
@@ -536,8 +537,9 @@ ECDH_Derive(SECItem *publicValue,
int i;
#endif
- if (!publicValue || !ecParams || !privateValue || !derivedSecret ||
- !ecParams->name) {
+ if (!publicValue || !publicValue->len ||
+ !ecParams || ecParams->name == ECCurve_noName ||
+ !privateValue || !privateValue->len || !derivedSecret) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}