diff options
| author | wtc%netscape.com <devnull@localhost> | 2002-06-18 20:37:38 +0000 |
|---|---|---|
| committer | wtc%netscape.com <devnull@localhost> | 2002-06-18 20:37:38 +0000 |
| commit | fb3d3830d4453a20a8a8bcd4e195e4c1cba8d038 (patch) | |
| tree | 165bea07ce87483a00b222b794e7a734e9a18058 | |
| parent | 24e21ee80f3eebe26d9dab79b9ad401de83490a4 (diff) | |
| download | nss-hg-fb3d3830d4453a20a8a8bcd4e195e4c1cba8d038.tar.gz | |
Bug 151940: SEC_PKCS12DecoderVerify should call SEC_ASN1DecoderFinish first
to detect insufficient input data error. r=relyea.
Tag: NSS_3_5_BRANCH
| -rw-r--r-- | security/nss/lib/pkcs12/p12d.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c index ca5017cc5..77e83a6fd 100644 --- a/security/nss/lib/pkcs12/p12d.c +++ b/security/nss/lib/pkcs12/p12d.c @@ -1408,6 +1408,12 @@ SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx) return SECFailure; } + rv = SEC_ASN1DecoderFinish(p12dcx->pfxDcx); + p12dcx->pfxDcx = NULL; + if(rv != SECSuccess) { + return rv; + } + /* check the signature or the mac depending on the type of * integrity used. */ |