authorJohn M. Schanck <jschanck@mozilla.com>2022-06-06 18:11:47 +0000
committerJohn M. Schanck <jschanck@mozilla.com>2022-06-06 18:11:47 +0000
commite6c2018b30f88f0bfd28250d91696ea11f80b89a (patch)
tree9e8096b21d0815d94ed5032d97d7b05fd3afa362
parent819e007db5425843aeecd50e547a42b20e1c32fc (diff)
Bug 1771498 - Uninitialized value in cert_ComputeCertType. r=djackson
Differential Revision: https://phabricator.services.mozilla.com/D147526
-rw-r--r--lib/certdb/certdb.c6
-rw-r--r--lib/certdb/certv3.c2
-rw-r--r--lib/certdb/certxutl.c7
-rw-r--r--lib/crmf/cmmfrec.c2
4 files changed, 10 insertions, 7 deletions
diff --git a/lib/certdb/certdb.c b/lib/certdb/certdb.c
index e9acbb28d..e261e070c 100644
--- a/lib/certdb/certdb.c
+++ b/lib/certdb/certdb.c
@@ -384,9 +384,9 @@ GetKeyUsage(CERTCertificate *cert)
rv = CERT_FindKeyUsageExtension(cert, &tmpitem);
if (rv == SECSuccess) {
/* remember the actual value of the extension */
- cert->rawKeyUsage = tmpitem.data[0];
+ cert->rawKeyUsage = tmpitem.len ? tmpitem.data[0] : 0;
cert->keyUsagePresent = PR_TRUE;
- cert->keyUsage = tmpitem.data[0];
+ cert->keyUsage = cert->rawKeyUsage;
PORT_Free(tmpitem.data);
tmpitem.data = NULL;
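Review bot: The new `tmpitem.len ? tmpitem.data[0] : 0` guard in GetKeyUsage makes a zero-length KeyUsage BIT STRING count as present (`keyUsagePresent = PR_TRUE`) with no usage bits set, and nothing in the code records that this is the intended outcome. Judging by the `(tmpItem.len + 7) >> 3` allocation in certxutl.c, `len` is a bit count, so a comment above the assignment such as `/* len is in bits; an empty BIT STRING is present but grants no usages */` would document both facts. The same len-before-`data[0]` check is added by hand in cert_ComputeCertType and CERT_CheckCertUsage, so a small shared accessor may be worth considering. All three function bodies extend outside their hunks.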
@@ -506,7 +506,7 @@ cert_ComputeCertType(CERTCertificate *cert)
isCA = basicConstraint.isCA;
}
if (tmpitem.data != NULL || extKeyUsage != NULL) {
- if (tmpitem.data == NULL) {
+ if (tmpitem.data == NULL || tmpitem.len == 0) {
nsCertType = 0;
} else {
nsCertType = tmpitem.data[0];
diff --git a/lib/certdb/certv3.c b/lib/certdb/certv3.c
index d27fc1ba0..f00b88f1d 100644
--- a/lib/certdb/certv3.c
+++ b/lib/certdb/certv3.c
@@ -213,7 +213,7 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage)
if (rv == SECFailure) {
rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess
: SECFailure;
- } else if (!keyUsage.data || !(keyUsage.data[0] & usage)) {
+ } else if (!keyUsage.data || !keyUsage.len || !(keyUsage.data[0] & usage)) {
PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID);
rv = SECFailure;
}
diff --git a/lib/certdb/certxutl.c b/lib/certdb/certxutl.c
index c53f15cdf..bffc7f3a4 100644
--- a/lib/certdb/certxutl.c
+++ b/lib/certdb/certxutl.c
@@ -417,12 +417,15 @@ CERT_FindBitStringExtension(CERTCertExtension **extensions, int tag,
goto loser;
}
- retItem->data = (unsigned char *)PORT_Alloc((tmpItem.len + 7) >> 3);
+ retItem->data = (unsigned char *)PORT_ZAlloc((tmpItem.len + 7) >> 3);
if (retItem->data == NULL) {
goto loser;
}
- PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3);
+ if (tmpItem.len > 0) {
+ PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3);
+ }
+
retItem->len = tmpItem.len;
rv = SECSuccess;
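Review bot: `retItem->len = tmpItem.len;` hands callers a length in bits while `retItem->data` holds `(tmpItem.len + 7) >> 3` bytes, and nothing at this assignment says so. The caller-side `len` checks added elsewhere in this commit exist because of that mismatch. I would add `/* len is the BIT STRING length in bits; data holds (len + 7) >> 3 bytes and may hold none */` above it. For `len == 0` the allocation request is zero bytes, so whether `retItem->data` comes back non-NULL depends on how PORT_ZAlloc treats a zero size, which is not visible here. The byte count is also computed twice and could be held in one local. The function starts and ends outside the hunk.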
diff --git a/lib/crmf/cmmfrec.c b/lib/crmf/cmmfrec.c
index 5dfe1fcca..3c5535015 100644
--- a/lib/crmf/cmmfrec.c
+++ b/lib/crmf/cmmfrec.c
@@ -291,7 +291,7 @@ CMMF_CertifiedKeyPairUnwrapPrivKey(CMMFCertifiedKeyPair *inKeyPair,
cert = CMMF_CertifiedKeyPairGetCertificate(inKeyPair, inCertdb);
CERT_FindKeyUsageExtension(cert, &keyUsageValue);
if (keyUsageValue.data != NULL) {
- keyUsage = keyUsageValue.data[3];
+ keyUsage = keyUsageValue.len ? keyUsageValue.data[0] : 0;
PORT_Free(keyUsageValue.data);
}
pubKey = CERT_ExtractPublicKey(cert);
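Review bot: The status of `CERT_FindKeyUsageExtension(cert, &keyUsageValue)` is discarded on the context line above the change, so the `keyUsageValue.data != NULL` test relies on keyUsageValue being initialized before the hunk, which is not visible here. Testing the status removes that dependency: `if (CERT_FindKeyUsageExtension(cert, &keyUsageValue) == SECSuccess && keyUsageValue.data != NULL) {`. The switch from `data[3]` to `data[0]` is a behaviour change the commit message does not mention, so a short comment that the usage bits are read from the first octet, as the certdb hunks do, would help. The function body starts and ends outside the hunk.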