diff options
author | julien.pierre.bugs%sun.com <devnull@localhost> | 2005-04-04 09:27:42 +0000 |
---|---|---|
committer | julien.pierre.bugs%sun.com <devnull@localhost> | 2005-04-04 09:27:42 +0000 |
commit | fc0f6c96cf7e88e8aa656c3ea26cd8c2d6be1e75 (patch) | |
tree | 032abe7f00b1337f0c7a526290fcf1765f0239c0 | |
parent | 2f0ad7dca082798aebaa8e827069e642e2e1ef2b (diff) | |
download | nss-hg-fc0f6c96cf7e88e8aa656c3ea26cd8c2d6be1e75.tar.gz |
Fix for 287654 . Check input buffer length for C_Encrypt with RSA . r=nelson
-rw-r--r-- | security/nss/lib/softoken/rsawrapr.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/security/nss/lib/softoken/rsawrapr.c b/security/nss/lib/softoken/rsawrapr.c index 2f5af8c0f..b40a30d80 100644 --- a/security/nss/lib/softoken/rsawrapr.c +++ b/security/nss/lib/softoken/rsawrapr.c @@ -416,6 +416,9 @@ rsa_FormatBlock(SECItem *result, unsigned modulusLen, * Pad is zeros. The application is responsible for recovering * the actual data. */ + if (data->len > modulusLen ) { + return SECFailure; + } result->data = (unsigned char*)PORT_ZAlloc(modulusLen); result->len = modulusLen; PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len); |