diff options
| author | wtc%google.com <devnull@localhost> | 2013-01-10 15:24:03 +0000 |
|---|---|---|
| committer | wtc%google.com <devnull@localhost> | 2013-01-10 15:24:03 +0000 |
| commit | 9f1f716dcf13a4cb0c65e8fe286693e900ada116 (patch) | |
| tree | 66f6144c71d6b09a9688a244dc292a8d6f98cf5c | |
| parent | ece44aaa36d8e39e83041f1ad42407c5a22a6cc1 (diff) | |
| download | nss-hg-9f1f716dcf13a4cb0c65e8fe286693e900ada116.tar.gz | |
Bug 820651: Fix comparisons of unsigned variable < 0. r=rrelyea.
Modified Files:
lib/freebl/arcfour.c lib/freebl/desblapi.c
lib/pk11wrap/pk11merge.c
| -rw-r--r-- | security/nss/lib/freebl/arcfour.c | 2 | ||||
| -rw-r--r-- | security/nss/lib/freebl/desblapi.c | 4 | ||||
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11merge.c | 6 |
3 files changed, 7 insertions, 5 deletions
diff --git a/security/nss/lib/freebl/arcfour.c b/security/nss/lib/freebl/arcfour.c index eb60f3672..448a9d93b 100644 --- a/security/nss/lib/freebl/arcfour.c +++ b/security/nss/lib/freebl/arcfour.c @@ -126,7 +126,7 @@ RC4_InitContext(RC4Context *cx, const unsigned char *key, unsigned int len, /* verify the key length. */ PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE); - if (len < 0 || len >= ARCFOUR_STATE_SIZE) { + if (len == 0 || len >= ARCFOUR_STATE_SIZE) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; } diff --git a/security/nss/lib/freebl/desblapi.c b/security/nss/lib/freebl/desblapi.c index 23942e7b5..6a547af67 100644 --- a/security/nss/lib/freebl/desblapi.c +++ b/security/nss/lib/freebl/desblapi.c @@ -243,7 +243,7 @@ DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen) { - if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || + if ((inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_ENCRYPT) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; @@ -260,7 +260,7 @@ DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen) { - if (inLen < 0 || (inLen % 8) != 0 || maxOutLen < inLen || !cx || + if ((inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_DECRYPT) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return SECFailure; diff --git a/security/nss/lib/pk11wrap/pk11merge.c b/security/nss/lib/pk11wrap/pk11merge.c index 4172d3fd3..8c966d2d0 100644 --- a/security/nss/lib/pk11wrap/pk11merge.c +++ b/security/nss/lib/pk11wrap/pk11merge.c @@ -429,6 +429,7 @@ pk11_mergeSecretKey(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, SECItem *sourceOutput = NULL; SECItem *targetOutput = NULL; SECItem *param = NULL; + int blockSize; SECItem input; CK_OBJECT_HANDLE targetKeyID; CK_FLAGS flags; @@ -491,11 +492,12 @@ pk11_mergeSecretKey(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot, /* set up the input test */ input.data = (unsigned char *)testString; - input.len = PK11_GetBlockSize(cryptoMechType, NULL); - if (input.len < 0) { + blockSize = PK11_GetBlockSize(cryptoMechType, NULL); + if (blockSize < 0) { rv = SECFailure; goto done; } + input.len = blockSize; if (input.len == 0) { input.len = sizeof (testString); } |