diff options
Diffstat (limited to 'security/nss/lib/certdb/alg1485.c')
| -rw-r--r-- | security/nss/lib/certdb/alg1485.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index 38b2fe4b5..9a69c5bc5 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -703,14 +703,19 @@ CERT_GetOidString(const SECItem* oid) return NULL; } + /* If the OID has length 1, we bail. */ + if (oid->len < 2) { + return NULL; + } + /* first will point to the next sequence of bytes to decode */ first = (PRUint8*)oid->data; /* stop points to one past the legitimate data */ stop = &first[oid->len]; /* - * Check for our pseudo-encoded single-digit OIDs - */ + * Check for our pseudo-encoded single-digit OIDs + */ if ((*first == 0x80) && (2 == oid->len)) { /* Funky encoding. The second byte is the number */ rvString = PR_smprintf("%lu", (PRUint32)first[1]); @@ -728,6 +733,10 @@ CERT_GetOidString(const SECItem* oid) break; } } + /* There's no first bit set, so this isn't valid. Bail.*/ + if (last == stop) { + goto unsupported; + } bytesBeforeLast = (unsigned int)(last - first); if (bytesBeforeLast <= 3U) { /* 0-28 bit number */ PRUint32 n = 0; @@ -748,12 +757,12 @@ CERT_GetOidString(const SECItem* oid) CASE(2, 0x7f); CASE(1, 0x7f); case 0: - n |= - last[0] & 0x7f; + n |= last[0] & 0x7f; break; } - if (last[0] & 0x80) + if (last[0] & 0x80) { goto unsupported; + } if (!rvString) { /* This is the first number.. decompose it */ @@ -1305,8 +1314,7 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert) } } else if (current->type == certRFC822Name) { rawEmailAddr = - (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + - 1); + (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1); if (!rawEmailAddr) { goto finish; } |