summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/external/nss/nss.symbols1
-rw-r--r--security/manager/ssl/nsNSSIOLayer.cpp58
2 files changed, 1 insertions, 58 deletions
diff --git a/config/external/nss/nss.symbols b/config/external/nss/nss.symbols
index 3239d3119..7a968b6c8 100644
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -165,7 +165,6 @@ DER_GeneralizedTimeToTime
DER_GeneralizedTimeToTime_Util
DER_GetInteger
DER_GetInteger_Util
-DER_Lengths
DER_SetUInteger
DER_UTCTimeToTime_Util
DSAU_DecodeDerSigToLen
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
index 93fca396b..d2549c52d 100644
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -1916,59 +1916,12 @@ nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings,
}
SECItem* dername;
- SECStatus rv;
- int headerlen;
- uint32_t contentlen;
- SECItem newitem;
int n;
char* namestring;
for (n = 0; n < caNames->nnames; n++) {
- newitem.data = nullptr;
dername = &caNames->names[n];
- rv = DER_Lengths(dername, &headerlen, &contentlen);
-
- if (rv != SECSuccess) {
- goto loser;
- }
-
- if (headerlen + contentlen != dername->len) {
- // This must be from an enterprise 2.x server, which sent
- // incorrectly formatted der without the outer wrapper of type and
- // length. Fix it up by adding the top level header.
- if (dername->len <= 127) {
- newitem.data = (unsigned char*) PR_Malloc(dername->len + 2);
- if (!newitem.data) {
- goto loser;
- }
- newitem.data[0] = (unsigned char) 0x30;
- newitem.data[1] = (unsigned char) dername->len;
- (void) memcpy(&newitem.data[2], dername->data, dername->len);
- } else if (dername->len <= 255) {
- newitem.data = (unsigned char*) PR_Malloc(dername->len + 3);
- if (!newitem.data) {
- goto loser;
- }
- newitem.data[0] = (unsigned char) 0x30;
- newitem.data[1] = (unsigned char) 0x81;
- newitem.data[2] = (unsigned char) dername->len;
- (void) memcpy(&newitem.data[3], dername->data, dername->len);
- } else {
- // greater than 256, better be less than 64k
- newitem.data = (unsigned char*) PR_Malloc(dername->len + 4);
- if (!newitem.data) {
- goto loser;
- }
- newitem.data[0] = (unsigned char) 0x30;
- newitem.data[1] = (unsigned char) 0x82;
- newitem.data[2] = (unsigned char) ((dername->len >> 8) & 0xff);
- newitem.data[3] = (unsigned char) (dername->len & 0xff);
- memcpy(&newitem.data[4], dername->data, dername->len);
- }
- dername = &newitem;
- }
-
namestring = CERT_DerNameToAscii(dername);
if (!namestring) {
// XXX - keep going until we fail to convert the name
@@ -1977,21 +1930,12 @@ nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings,
caNameStrings[n] = PORT_ArenaStrdup(arena.get(), namestring);
PR_Free(namestring);
if (!caNameStrings[n]) {
- goto loser;
+ return SECFailure;
}
}
-
- if (newitem.data) {
- PR_Free(newitem.data);
- }
}
return SECSuccess;
-loser:
- if (newitem.data) {
- PR_Free(newitem.data);
- }
- return SECFailure;
}
// Possible behaviors for choosing a cert for client auth.