diff options
author | John M. Schanck <jschanck@mozilla.com> | 2022-08-18 09:12:01 +0000 |
---|---|---|
committer | John M. Schanck <jschanck@mozilla.com> | 2022-08-18 09:12:01 +0000 |
commit | 9aeef2909b06d2531ce9f168d775d9734fb1325e (patch) | |
tree | e40f1dad94e85ce7219257bbe5d4a605b119a2c2 | |
parent | e03c55f59926ff9b6c2874a2d86332571372e5aa (diff) | |
download | nss-hg-9aeef2909b06d2531ce9f168d775d9734fb1325e.tar.gz |
Bug 1330271 - check for null template in sec_asn1{d,e}_push_state. r=nss-reviewers,djacksonNSS_3_82_BETA1
Some of our dynamic template choosers, e.g. sec_pkcs12_choose_attr_type, can
return NULL. This patch adds some defensive checks to avoid crashes when
they do.
Differential Revision: https://phabricator.services.mozilla.com/D150290
-rw-r--r-- | lib/util/secasn1d.c | 5 | ||||
-rw-r--r-- | lib/util/secasn1e.c | 6 |
2 files changed, 10 insertions, 1 deletions
diff --git a/lib/util/secasn1d.c b/lib/util/secasn1d.c index d219ee0c2..47e1abd0a 100644 --- a/lib/util/secasn1d.c +++ b/lib/util/secasn1d.c @@ -365,6 +365,11 @@ sec_asn1d_push_state(SEC_ASN1DecoderContext *cx, state->our_mark = PORT_ArenaMark(cx->our_pool); } + if (theTemplate == NULL) { + PORT_SetError(SEC_ERROR_BAD_TEMPLATE); + goto loser; + } + new_state = (sec_asn1d_state *)sec_asn1d_zalloc(cx->our_pool, sizeof(*new_state)); if (new_state == NULL) { diff --git a/lib/util/secasn1e.c b/lib/util/secasn1e.c index fb3feef52..41d284897 100644 --- a/lib/util/secasn1e.c +++ b/lib/util/secasn1e.c @@ -94,8 +94,12 @@ sec_asn1e_push_state(SEC_ASN1EncoderContext *cx, { sec_asn1e_state *state, *new_state; - state = cx->current; + if (theTemplate == NULL) { + cx->status = encodeError; + return NULL; + } + state = cx->current; new_state = (sec_asn1e_state *)PORT_ArenaZAlloc(cx->our_pool, sizeof(*new_state)); if (new_state == NULL) { |