diff options
| author | nelsonb%netscape.com <devnull@localhost> | 2002-09-04 00:42:01 +0000 |
|---|---|---|
| committer | nelsonb%netscape.com <devnull@localhost> | 2002-09-04 00:42:01 +0000 |
| commit | 81701f71ba450733c62cab21516d4358326326fe (patch) | |
| tree | bc15fcdcec7ab18f77dfa21e4f69ca5ed21f7df9 | |
| parent | 96e8626101e56604fe89dd4dc8b983dd936e132f (diff) | |
| download | nss-hg-81701f71ba450733c62cab21516d4358326326fe.tar.gz | |
Treat empty SubjectAltName extensions as if they were non-existant.
Bugs 162979 166454.
| -rw-r--r-- | security/nss/lib/certdb/genname.c | 3 | ||||
| -rw-r--r-- | security/nss/lib/certdb/xconst.c | 12 |
2 files changed, 8 insertions, 7 deletions
diff --git a/security/nss/lib/certdb/genname.c b/security/nss/lib/certdb/genname.c index fadf9d15f..a8dcf6dff 100644 --- a/security/nss/lib/certdb/genname.c +++ b/security/nss/lib/certdb/genname.c @@ -960,9 +960,6 @@ CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena) } altName = CERT_DecodeAltNameExtension(arena, &altNameExtension); PORT_Free(altNameExtension.data); - if (altName == NULL) { - goto loser; - } DN = cert_CombineNamesLists(DN, altName); return DN; loser: diff --git a/security/nss/lib/certdb/xconst.c b/security/nss/lib/certdb/xconst.c index 74a4de08b..d86483098 100644 --- a/security/nss/lib/certdb/xconst.c +++ b/security/nss/lib/certdb/xconst.c @@ -48,16 +48,16 @@ #include "xconst.h" #include "genname.h" #include "secasn1.h" - +#include "secerr.h" static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = { -{ SEC_ASN1_OCTET_STRING } + { SEC_ASN1_OCTET_STRING } }; static const SEC_ASN1Template CERTIA5TypeTemplate[] = { -{ SEC_ASN1_IA5_STRING } + { SEC_ASN1_IA5_STRING } }; @@ -176,7 +176,11 @@ CERT_DecodeAltNameExtension(PRArenaPool *arena, SECItem *EncodedAltName) if (rv == SECFailure) { goto loser; } - return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName); + if (encodedContext.encodedGenName) + return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName); + /* Extension contained an empty GeneralNames sequence */ + /* Treat as extension not found */ + PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND); loser: return NULL; } |