diff options
author | nelson%bolyard.com <devnull@localhost> | 2009-04-13 18:45:34 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2009-04-13 18:45:34 +0000 |
commit | 0682944e3dba3a9bebf36d95439efec4c69b3521 (patch) | |
tree | 8845e0327de48b3d7225ad0ca0d8f1954ef07901 | |
parent | f8cd30a9316920b62b4ac4064d9a2e99bd01eb3f (diff) | |
download | nss-hg-0682944e3dba3a9bebf36d95439efec4c69b3521.tar.gz |
Bug 487487: CERT_NameToAscii reports "!Invalid AVA!" whenever value exceeds 384 bytes
Patch contributed by Kaspar Brand <mozbugzilla@velox.ch>, r=nelson
-rw-r--r-- | security/nss/lib/certdb/alg1485.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index 2e50154db..651b624d0 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -1003,7 +1003,8 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) if (nameLen < fair) { /* just truncate the value */ - maxValue = (sizeof tmpBuf) - (nameLen + 5); /* for "=...\0" */ + maxValue = (sizeof tmpBuf) - (nameLen + 6); /* for "=...\0", + and possibly '"' */ } else if (valueLen < fair) { /* just truncate the name */ maxName = (sizeof tmpBuf) - (valueLen + 5); /* for "=...\0" */ @@ -1058,19 +1059,20 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava, CertStrictnessLevel strict) rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf, (char *)avaValue->data, valueLen, &mode); - bigTmpBuf[valueLen--] = 0; /* hard stop here */ + bigTmpBuf[valueLen--] = '\0'; /* hard stop here */ + /* See if we're in the middle of a multi-byte UTF8 character */ while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) { - bigTmpBuf[valueLen--] = 0; + bigTmpBuf[valueLen--] = '\0'; } - /* add elipsis to signify truncation. */ + /* add ellipsis to signify truncation. */ bigTmpBuf[++valueLen] = '.'; bigTmpBuf[++valueLen] = '.'; bigTmpBuf[++valueLen] = '.'; if (bigTmpBuf[0] == '"') bigTmpBuf[++valueLen] = '"'; - bigTmpBuf[++valueLen] = 0; - PORT_Assert(nameLen + valueLen <= sizeof tmpBuf); - memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen); + bigTmpBuf[++valueLen] = '\0'; + PORT_Assert(nameLen + valueLen <= (sizeof tmpBuf) - 1); + memcpy(encodedAVA + nameLen, bigTmpBuf, valueLen+1); } SECITEM_FreeItem(avaValue, PR_TRUE); |