author | julien.pierre.bugs%sun.com <devnull@localhost> | 2007-04-25 23:45:54 +0000 |
---|---|---|
committer | julien.pierre.bugs%sun.com <devnull@localhost> | 2007-04-25 23:45:54 +0000 |
commit | c0892a33f062e06de8eacc3c61641cfa619559d1 (patch) | |
tree | c9d28dae26f68a84f652f0b87e8bfbf63cb6dbc8 | |
parent | b7743861d7405f8a64f9c77a389c7847170878a7 (diff) | |
download | nss-hg-c0892a33f062e06de8eacc3c61641cfa619559d1.tar.gz |
Fix for bug 378104. Stop certutil from crashing when creating certs with very long validity. r=alexei,nelson
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 7 | ||||
-rw-r--r-- | security/nss/lib/util/sectime.c | 4 |
2 files changed, 8 insertions, 3 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 4faa1b809..4bbc85917 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -1433,13 +1433,14 @@ MakeV1Cert( CERTCertDBHandle * handle, /* note that the time is now in micro-second unit */ validity = CERT_CreateValidity (now, after); - - cert = CERT_CreateCertificate(serialNumber, + if (validity) { + cert = CERT_CreateCertificate(serialNumber, (selfsign ? &req->subject : &issuerCert->subject), validity, req); - CERT_DestroyValidity(validity); + CERT_DestroyValidity(validity); + } if ( issuerCert ) { CERT_DestroyCertificate (issuerCert); } diff --git a/security/nss/lib/util/sectime.c b/security/nss/lib/util/sectime.c index a5a927bb4..bea0ffacc 100644 --- a/security/nss/lib/util/sectime.c +++ b/security/nss/lib/util/sectime.c @@ -116,6 +116,10 @@ CERT_CreateValidity(int64 notBefore, int64 notAfter) int rv; PRArenaPool *arena; + if (notBefore > notAfter) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if ( !arena ) { |
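Review bot: When `CERT_CreateValidity` returns NULL, the new `if (validity)` block in MakeV1Cert is skipped without any message, so what the function hands back depends on how `cert` was declared, and that declaration is outside the hunk. If it is not already initialised, declare it as `CERTCertificate *cert = NULL;` so the failure path returns a defined NULL rather than an indeterminate pointer. An `else` branch that reports the error code left by `CERT_CreateValidity` would also tell the operator that the requested validity period was rejected. Whether the validity length is range-checked before `after` is computed cannot be seen here; the function starts and ends outside the hunk.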
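Review bot: The early return added to `CERT_CreateValidity` gives this library function a NULL path for inverted ranges, and nothing at the check or in the visible lines documents it for callers. The certutil.c hunk in this commit fixes one caller that passed the result straight on; other callers are not visible here and may need the same NULL test. I would put a comment above the check, `/* reject an inverted range, e.g. a notAfter that overflowed in the caller */`, and state in the function's header comment that NULL is returned with `SEC_ERROR_INVALID_ARGS`. Note that `notBefore == notAfter` is still accepted; if a zero-length validity is intended, the comment should say so. The function body continues outside the hunk.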