diff options
| author | nelsonb%netscape.com <devnull@localhost> | 2003-11-20 02:08:34 +0000 |
|---|---|---|
| committer | nelsonb%netscape.com <devnull@localhost> | 2003-11-20 02:08:34 +0000 |
| commit | 05fe2f4059868612edbb0e5d871097287728d6c9 (patch) | |
| tree | 0331c698de2eea935a29971fcbbccc26ad2292e1 | |
| parent | 99bae4438459677de302b8257c09460a5e9fe27f (diff) | |
| download | nss-hg-05fe2f4059868612edbb0e5d871097287728d6c9.tar.gz | |
Don't accept ASN.1 items whose length is 2GB or more.
Bugscape bug 53875. r=wchang0222 and r=relyea.
| -rw-r--r-- | security/nss/lib/util/secasn1d.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index 965fa702d..2663abd3b 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c @@ -959,7 +959,7 @@ sec_asn1d_parse_more_length (sec_asn1d_state *state, count = 0; while (len && state->pending) { - if (HIGH_BITS (state->contents_length, 8) != 0) { + if (HIGH_BITS (state->contents_length, 9) != 0) { /* * The given full content length overflows our container; * just give up. |