author | nelson%bolyard.com <devnull@localhost> | 2007-08-29 01:23:11 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2007-08-29 01:23:11 +0000 |
commit | 1addc56013d2bf0fb24ef4afaa8205ff09ec5300 (patch) | |
tree | 0baedbbc101743f25bd1974a8b87755175619195 | |
parent | 3d13b839467eb032fe0d9ca22dbdf1a5951a5670 (diff) | |
Bug 392208 - PK11_FindCertByIssuerAndSN must validate input arguments
r=kaspar Brand,sr=rrelyea
-rw-r--r-- | security/nss/lib/certdb/certt.h | 5 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 16 |
2 files changed, 20 insertions, 1 deletions
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
index 5d4eb6f42..5b0db4c40 100644
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -618,7 +618,10 @@ struct CERTBasicConstraintsStr {
 /* Maximum length of a certificate chain */
 #define CERT_MAX_CERT_CHAIN 20
-/* x.509 v3 Reason Falgs, used in CRLDistributionPoint Extension */
+#define CERT_MAX_SERIAL_NUMBER_BYTES 20 /* from RFC 3280 */
+#define CERT_MAX_DN_BYTES 4096 /* arbitrary */
+
+/* x.509 v3 Reason Flags, used in CRLDistributionPoint Extension */
 #define RF_UNUSED (0x80) /* bit 0 */
 #define RF_KEY_COMPROMISE (0x40) /* bit 1 */
 #define RF_CA_COMPROMISE (0x20) /* bit 2 */
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index 587130d21..9f900801d 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1172,6 +1172,14 @@ PK11_FindCertByIssuerAndSNOnToken(PK11SlotInfo *slot,
 SECItem *derSerial;
 PRStatus status;
+ if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
+ !issuerSN->serialNumber.data || !issuerSN->serialNumber.len ||
+ issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
+ issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
 /* Paranoia */
 if (token == NULL) {
 PORT_SetError(SEC_ERROR_NO_TOKEN);
@@ -1507,6 +1515,14 @@ PK11_FindCertByIssuerAndSN(PK11SlotInfo **slotPtr, CERTIssuerAndSN *issuerSN,
 NSSCryptoContext *cc;
 SECItem *derSerial;
+ if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
+ !issuerSN->serialNumber.data || !issuerSN->serialNumber.len ||
+ issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
+ issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
 if (slotPtr) *slotPtr = NULL;
 /* PKCS#11 needs to use DER-encoded serial numbers. Create a |
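Review bot: The two new limits in certt.h do not say what they count or what happens when a value exceeds them. Both are compared against `SECItem` lengths in pk11cert.c, and the context comment there ("PKCS#11 needs to use DER-encoded serial numbers") suggests `serialNumber.len` is the INTEGER content rather than the full encoding, so a comment such as `/* max content octets of a certificate serialNumber; longer values are rejected with SEC_ERROR_INVALID_ARGS */` would pin that down. `CERT_MAX_DN_BYTES` is marked only as `/* arbitrary */`; it would help to record that it is a defensive cap on the DER-encoded issuer name and that lookups for longer names now fail. If certificates from CAs that do not follow the RFC 3280 serial-number limit need to stay findable, that trade-off presumably deserves a sentence as well.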
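Review bot: The seven-line argument check added at the top of PK11_FindCertByIssuerAndSNOnToken is repeated verbatim in PK11_FindCertByIssuerAndSN in the following hunk, so the two copies can drift apart when a limit or condition is changed later. A single file-local predicate would keep the security check in one place; the helper name below is only a suggestion. The function body starts and ends outside the hunk, so whether other lookup entry points in this file take a `CERTIssuerAndSN` and need the same check cannot be judged from here.

```c
/* Reject a missing, empty or oversized issuer/serial pair before it is used. */
static PRBool
pk11_IssuerAndSNIsValid(const CERTIssuerAndSN *issuerSN)
{
    return issuerSN &&
           issuerSN->derIssuer.data && issuerSN->derIssuer.len &&
           issuerSN->serialNumber.data && issuerSN->serialNumber.len &&
           issuerSN->derIssuer.len <= CERT_MAX_DN_BYTES &&
           issuerSN->serialNumber.len <= CERT_MAX_SERIAL_NUMBER_BYTES;
}

    /* ... unchanged: local declarations in each of the two functions ... */
    if (!pk11_IssuerAndSNIsValid(issuerSN)) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        return NULL;
    }
```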
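Review bot: The new early return in PK11_FindCertByIssuerAndSN sits above `if (slotPtr) *slotPtr = NULL;`, so on SEC_ERROR_INVALID_ARGS the caller's slot pointer is left with whatever value it had. Before this change that line ran ahead of every visible exit, and a caller that passes an uninitialized `PK11SlotInfo *` and releases it when non-NULL after a failed lookup would now act on garbage. Moving `if (slotPtr) *slotPtr = NULL;` above the validation block keeps the out-parameter defined on every return path. The rest of the function lies outside the hunk, so other exits were not checked.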