diff options
| author | wtc%netscape.com <devnull@localhost> | 2002-06-21 21:46:48 +0000 |
|---|---|---|
| committer | wtc%netscape.com <devnull@localhost> | 2002-06-21 21:46:48 +0000 |
| commit | 6b4dd6711a8be92a3050140e373f49402ff6c4e0 (patch) | |
| tree | de214aee6018a048bf397ed0ab87b3f6d18afb3d | |
| parent | 76fa77815995cbe6aef8b9f1f1ffeaf96f52ac32 (diff) | |
| download | nss-hg-6b4dd6711a8be92a3050140e373f49402ff6c4e0.tar.gz | |
Bug 151940: SEC_PKCS12DecoderVerify should call SEC_ASN1DecoderFinish first
to detect insufficient input data error. With mozilla1.0.1+ and adt1.0.1+
approvals.
Tag: MOZILLA_1_0_BRANCH
| -rw-r--r-- | security/nss/lib/pkcs12/p12d.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index ca5017cc5..77e83a6fd 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -1408,6 +1408,12 @@ SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx) return SECFailure; } + rv = SEC_ASN1DecoderFinish(p12dcx->pfxDcx); + p12dcx->pfxDcx = NULL; + if(rv != SECSuccess) { + return rv; + } + /* check the signature or the mac depending on the type of * integrity used. */ |