diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-08-18 16:25:15 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-08-18 16:26:16 +0200 |
commit | 202296d02aa99afa90581333ab059c050b9c3ade (patch) | |
tree | 6ed8a1289bed1bb06d2703ea77cba5fccd3bdffa /security/nss/lib/util/quickder.c | |
parent | 1530f48c27fb13d7cbd2708c9f0fcf2dabc6ed6a (diff) | |
parent | ab6242a93b849b0a3c7525b16bc01dd3172fc167 (diff) | |
download | UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.gz UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.lz UXP-202296d02aa99afa90581333ab059c050b9c3ade.tar.xz UXP-202296d02aa99afa90581333ab059c050b9c3ade.zip |
Pull Basilisk-release forward.
Diffstat (limited to 'security/nss/lib/util/quickder.c')
-rw-r--r-- | security/nss/lib/util/quickder.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c index 7a6ac1c53..70ae42b27 100644 --- a/security/nss/lib/util/quickder.c +++ b/security/nss/lib/util/quickder.c @@ -757,6 +757,13 @@ DecodeItem(void* dest, } case SEC_ASN1_BIT_STRING: { + /* Can't be 8 or more spare bits, or any spare bits + * if there are no octets. */ + if (temp.data[0] >= 8 || (temp.data[0] > 0 && temp.len == 1)) { + PORT_SetError(SEC_ERROR_BAD_DER); + rv = SECFailure; + break; + } /* change the length in the SECItem to be the number of bits */ temp.len = (temp.len - 1) * 8 - (temp.data[0] & 0x7); |