diff options
author | wtc%netscape.com <devnull@localhost> | 2002-12-04 23:41:49 +0000 |
---|---|---|
committer | wtc%netscape.com <devnull@localhost> | 2002-12-04 23:41:49 +0000 |
commit | eef5c560985bbddc79de5d0557354a3128f9f7e2 (patch) | |
tree | c48ef41fca167c1409adbe6ea85a9ed4979feea4 | |
parent | 6be6961bae0c56cb616a348fa3601d1f2eb86348 (diff) | |
parent | 29f91234b021fbcc06b20db84bcc68294a30a92d (diff) | |
download | nss-hg-eef5c560985bbddc79de5d0557354a3128f9f7e2.tar.gz |
Bug 39494: added a check to prevent buffer overflow. r=mcgreer,nelsonb.
-rw-r--r-- | security/nss/lib/certdb/alg1485.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c index fe8daf889..e414f4eb4 100644 --- a/security/nss/lib/certdb/alg1485.c +++ b/security/nss/lib/certdb/alg1485.c @@ -809,14 +809,19 @@ AppendAVA(stringBuf *bufp, CERTAVA *ava) } len = PORT_Strlen(tagName); + if (len+1 > sizeof(tmpBuf)) { + if (unknownTag) PR_smprintf_free(unknownTag); + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } PORT_Memcpy(tmpBuf, tagName, len); + if (unknownTag) PR_smprintf_free(unknownTag); tmpBuf[len++] = '='; /* escape and quote as necessary */ rv = CERT_RFC1485_EscapeAndQuote(tmpBuf+len, sizeof(tmpBuf)-len, (char *)avaValue->data, avaValue->len); SECITEM_FreeItem(avaValue, PR_TRUE); - if (unknownTag) PR_smprintf_free(unknownTag); if (rv) return SECFailure; rv = AppendStr(bufp, tmpBuf); |