diff options
author | Dana Keeler <dkeeler@mozilla.com> | 2020-02-11 22:53:37 +0000 |
---|---|---|
committer | Dana Keeler <dkeeler@mozilla.com> | 2020-02-11 22:53:37 +0000 |
commit | 2b7190b6db40ec0abefaeb1ab7c9a1f45947263a (patch) | |
tree | 5b89d50edf84b217c25a120363b8889a91d4cf65 | |
parent | 79e1c1c65c502537e0438147b1173c967294e54b (diff) | |
download | nss-hg-2b7190b6db40ec0abefaeb1ab7c9a1f45947263a.tar.gz |
bug 1538980 - null-terminate ascii input in SECU_ReadDERFromFile so strstr is safe to call r=jcj,kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D61931
-rw-r--r-- | cmd/lib/secutil.c | 22 | ||||
-rwxr-xr-x | lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c | 16 |
2 files changed, 24 insertions, 14 deletions
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c index 703845e98..b05dc7938 100644 --- a/cmd/lib/secutil.c +++ b/cmd/lib/secutil.c @@ -494,23 +494,30 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii, if (ascii) { /* First convert ascii to binary */ SECItem filedata; - char *asc, *body; /* Read in ascii data */ rv = SECU_FileToItem(&filedata, inFile); if (rv != SECSuccess) return rv; - asc = (char *)filedata.data; - if (!asc) { + if (!filedata.data) { fprintf(stderr, "unable to read data from input file\n"); return SECFailure; } + /* need one additional byte for zero terminator */ + rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1); + if (rv != SECSuccess) { + PORT_Free(filedata.data); + return rv; + } + char *asc = (char *)filedata.data; + asc[filedata.len - 1] = '\0'; if (warnOnPrivateKeyInAsciiFile && strstr(asc, "PRIVATE KEY")) { fprintf(stderr, "Warning: ignoring private key. Consider to use " "pk12util.\n"); } + char *body; /* check for headers and trailers and remove them */ if ((body = strstr(asc, "-----BEGIN")) != NULL) { char *trailer = NULL; @@ -528,14 +535,7 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii, return SECFailure; } } else { - /* need one additional byte for zero terminator */ - rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1); - if (rv != SECSuccess) { - PORT_Free(filedata.data); - return rv; - } - body = (char *)filedata.data; - body[filedata.len - 1] = '\0'; + body = asc; } /* Convert to binary */ diff --git a/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c b/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c index 57004b770..4cc5607cf 100755 --- a/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c +++ b/lib/libpkix/pkix_pl_nss/module/pkix_pl_colcertstore.c @@ -55,16 +55,26 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii) if (ascii) { /* First convert ascii to binary */ SECItem filedata; - char *asc, *body; /* Read in ascii data */ rv = SECU_FileToItem(&filedata, inFile); - asc = (char *)filedata.data; - if (!asc) { + if (rv != SECSuccess) { + return rv; + } + if (!filedata.data) { fprintf(stderr, "unable to read data from input file\n"); return SECFailure; } + /* need one additional byte for zero terminator */ + rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1); + if (rv != SECSuccess) { + PORT_Free(filedata.data); + return rv; + } + char *asc = (char *)filedata.data; + asc[filedata.len - 1] = '\0'; + char *body; /* check for headers and trailers and remove them */ if ((body = strstr(asc, "-----BEGIN")) != NULL) { char *trailer = NULL; |