diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2002-01-15 15:43:35 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-01-15 15:43:35 +0000 |
commit | 05a38fc0d7fdb2a6cdc045d30b007a9b5087362c (patch) | |
tree | 828beeb67fb918740aea2cd109f8de87cefa336a | |
parent | 7b2a32f502c30a84f74d5f8531690cac87590c75 (diff) | |
download | nss-hg-05a38fc0d7fdb2a6cdc045d30b007a9b5087362c.tar.gz |
Fix for serial numbers which are negative when intrepreted as signed integers. Since the ASN.1 encoder now add/strips leading zeros to INTEGERs, the hand decoder written here will incorrectly decode serial numbers passed to it that have leading zeros.
-rw-r--r-- | security/nss/lib/softoken/pcertdb.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c index 669c730f9..80972ab88 100644 --- a/security/nss/lib/softoken/pcertdb.c +++ b/security/nss/lib/softoken/pcertdb.c @@ -4162,6 +4162,11 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue } } } + while (sn->data[index] == 0) { + index++; + data_len--; + data_left--; + } /* not a valid der, must be just an unlucky serial number value */ if (data_len != data_left) { data_len = sn->len; @@ -4176,7 +4181,7 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue return(0); } - /* first try the der encoded serial number */ + /* first try the serial number as hand-decoded above*/ /* copy the serialNumber */ PORT_Memcpy(certKey.data, &sn->data[index], data_len); @@ -4189,7 +4194,7 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue return (cert); } - /* didn't find it, try by old serial number */ + /* didn't find it, try by der encoded serial number */ /* copy the serialNumber */ PORT_Memcpy(certKey.data, sn->data, sn->len); |