authornelson%bolyard.com <devnull@localhost>2007-08-29 21:59:06 +0000
committernelson%bolyard.com <devnull@localhost>2007-08-29 21:59:06 +0000
commitfbf32ad46d0afe8536a798b49ae1bd7202abdaa4 (patch)
tree0795ca023e8eca904c5412d510ce3add67a0a23d
parent8c62cf06bee60486b602e8d27d37574d8502f0c6 (diff)
Bug 392208 - PK11_FindCertByIssuerAndSN must validate input arguments
r=Kaspar Brand, sr=rrelyea
-rw-r--r--security/nss/lib/certdb/certt.h5
-rw-r--r--security/nss/lib/pk11wrap/pk11cert.c16
2 files changed, 20 insertions, 1 deletions
diff --git a/security/nss/lib/certdb/certt.h b/security/nss/lib/certdb/certt.h
index ca5dbf41e..56922ee15 100644
--- a/security/nss/lib/certdb/certt.h
+++ b/security/nss/lib/certdb/certt.h
@@ -620,7 +620,10 @@ struct CERTBasicConstraintsStr {
/* Maximum length of a certificate chain */
#define CERT_MAX_CERT_CHAIN 20
-/* x.509 v3 Reason Falgs, used in CRLDistributionPoint Extension */
+#define CERT_MAX_SERIAL_NUMBER_BYTES 20 /* from RFC 3280 */
+#define CERT_MAX_DN_BYTES 4096 /* arbitrary */
+
+/* x.509 v3 Reason Flags, used in CRLDistributionPoint Extension */
#define RF_UNUSED (0x80) /* bit 0 */
#define RF_KEY_COMPROMISE (0x40) /* bit 1 */
#define RF_CA_COMPROMISE (0x20) /* bit 2 */
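Review bot: The comments on `CERT_MAX_SERIAL_NUMBER_BYTES` and `CERT_MAX_DN_BYTES` do not say that these are hard input limits, nor which byte count they bound. The pk11cert.c hunks in this commit reject any `CERTIssuerAndSN` whose `serialNumber.len` or `derIssuer.len` exceeds them. If `serialNumber` holds the INTEGER content octets, a 20-octet value with the high bit set carries a leading zero pad and is 21 bytes long, so such a certificate would presumably no longer be findable; that should be confirmed against the decoder. I would expand the comments along the lines of `/* max INTEGER content octets accepted for a serial number (RFC 3280 limit); longer inputs are rejected as invalid args */` and `/* upper bound on a DER-encoded issuer name accepted as lookup input; not from any standard */`.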
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index c361bd44a..8aed6d48c 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1187,6 +1187,14 @@ PK11_FindCertByIssuerAndSNOnToken(PK11SlotInfo *slot,
SECItem *derSerial;
PRStatus status;
+ if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
+ !issuerSN->serialNumber.data || !issuerSN->serialNumber.len ||
+ issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
+ issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
/* Paranoia */
if (token == NULL) {
PORT_SetError(SEC_ERROR_NO_TOKEN);
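Review bot: The seven-clause argument check added at the top of PK11_FindCertByIssuerAndSNOnToken is repeated verbatim in the PK11_FindCertByIssuerAndSN hunk below. Because this is a security bound, two copies can drift apart when one limit is later adjusted. A single file-local predicate called from both functions would keep the limits in one place, and a short comment on it should say that the check runs before the serial number is DER-encoded for the token lookup. The helper name below is only a suggestion, and both function bodies continue outside their hunks.

```c
/* Reject a NULL, empty or oversized issuer/serial pair before it is
 * DER-encoded and handed to the token lookup. */
static PRBool
pk11_IssuerAndSNIsSane(const CERTIssuerAndSN *issuerSN)
{
    if (!issuerSN ||
	!issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
	!issuerSN->serialNumber.data || !issuerSN->serialNumber.len) {
	return PR_FALSE;
    }
    if (issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
	issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES) {
	return PR_FALSE;
    }
    return PR_TRUE;
}

/* in PK11_FindCertByIssuerAndSNOnToken and PK11_FindCertByIssuerAndSN: */
    if (!pk11_IssuerAndSNIsSane(issuerSN)) {
	PORT_SetError(SEC_ERROR_INVALID_ARGS);
	return NULL;
    }
    /* … unchanged: token check and the rest of the lookup … */
```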
@@ -1522,6 +1530,14 @@ PK11_FindCertByIssuerAndSN(PK11SlotInfo **slotPtr, CERTIssuerAndSN *issuerSN,
NSSCryptoContext *cc;
SECItem *derSerial;
+ if (!issuerSN || !issuerSN->derIssuer.data || !issuerSN->derIssuer.len ||
+ !issuerSN->serialNumber.data || !issuerSN->serialNumber.len ||
+ issuerSN->derIssuer.len > CERT_MAX_DN_BYTES ||
+ issuerSN->serialNumber.len > CERT_MAX_SERIAL_NUMBER_BYTES ) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
if (slotPtr) *slotPtr = NULL;
/* PKCS#11 needs to use DER-encoded serial numbers. Create a
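Review bot: The new early return sits above `if (slotPtr) *slotPtr = NULL;`, so on the SEC_ERROR_INVALID_ARGS path the caller's `*slotPtr` keeps whatever value it had before the call, possibly an uninitialized one. Whether any caller inspects or frees the slot after a NULL return is not visible here, but every other exit presumably leaves it NULL or set to a real slot. Moving the line `if (slotPtr) *slotPtr = NULL;` ahead of the argument check would make the output parameter well-defined on all paths. The function body continues outside the hunk.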