summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjulien.pierre.bugs%sun.com <devnull@localhost>2005-04-04 09:27:42 +0000
committerjulien.pierre.bugs%sun.com <devnull@localhost>2005-04-04 09:27:42 +0000
commitfc0f6c96cf7e88e8aa656c3ea26cd8c2d6be1e75 (patch)
tree032abe7f00b1337f0c7a526290fcf1765f0239c0
parent2f0ad7dca082798aebaa8e827069e642e2e1ef2b (diff)
downloadnss-hg-fc0f6c96cf7e88e8aa656c3ea26cd8c2d6be1e75.tar.gz
Fix for 287654 . Check input buffer length for C_Encrypt with RSA . r=nelson
Diffstat
-rw-r--r--security/nss/lib/softoken/rsawrapr.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/rsawrapr.c b/security/nss/lib/softoken/rsawrapr.c
index 2f5af8c0f..b40a30d80 100644
--- a/security/nss/lib/softoken/rsawrapr.c
+++ b/security/nss/lib/softoken/rsawrapr.c
@@ -416,6 +416,9 @@ rsa_FormatBlock(SECItem *result, unsigned modulusLen,
* Pad is zeros. The application is responsible for recovering
* the actual data.
*/
+ if (data->len > modulusLen ) {
+ return SECFailure;
+ }
result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
result->len = modulusLen;
PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len);
View Lorry Controller Status