Bug 1803226 - NULL password encoding incorrect. r=nss-reviewers,jschanck

The test for adding the unicode null in the null password case was incorrect from Bug 1757075 (https://bugzilla.mozilla.org/show_bug.cgi?id=1757075). The sense of the test was backwards meaning that no null was added.

We didn't notice because NSS and openssl tolerate incorrect null password encoding. It was picked up in gnutls interop testing.

Differential Revision: https://phabricator.services.mozilla.com/D163498

1 files changed, 2 insertions, 3 deletions

diff --git a/lib/pkcs12/p12local.c b/lib/pkcs12/p12local.c
index 56d5d649d..f64448664 100644
--- a/lib/pkcs12/p12local.c
+++ b/lib/pkcs12/p12local.c
@@ -968,15 +968,14 @@ sec_pkcs12_convert_item_to_unicode(PLArenaPool *arena, SECItem *dest,
     if (zeroTerm) {
         /* unicode adds two nulls at the end */
         if (toUnicode) {
-            if ((dest->len >= 2) &&
-                (dest->data[dest->len - 1] || dest->data[dest->len - 2])) {
+            if ((dest->len < 2) || dest->data[dest->len - 1] || dest->data[dest->len - 2]) {
                 /* we've already allocated space for these new NULLs */
                 PORT_Assert(dest->len + 2 <= bufferSize);
                 dest->len += 2;
                 dest->data[dest->len - 1] = dest->data[dest->len - 2] = 0;
             }
             /* ascii/utf-8 adds just 1 */
-        } else if ((dest->len >= 1) && dest->data[dest->len - 1]) {
+        } else if (!dest->len || dest->data[dest->len - 1]) {
             PORT_Assert(dest->len + 1 <= bufferSize);
             dest->len++;
             dest->data[dest->len - 1] = 0;