Fix for serial numbers which are negative when intrepreted as signed integers. Since the ASN.1 encoder now add/strips leading zeros to INTEGERs, the hand decoder written here will incorrectly decode serial numbers passed to it that have leading zeros.

1 files changed, 7 insertions, 2 deletions

diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c
index 669c730f9..80972ab88 100644
--- a/security/nss/lib/softoken/pcertdb.c
+++ b/security/nss/lib/softoken/pcertdb.c
@@ -4162,6 +4162,11 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue
 		}
 	    } 
 	}
+	while (sn->data[index] == 0) {
+	    index++;
+	    data_len--;
+	    data_left--;
+	}
 	/* not a valid der, must be just an unlucky serial number value */
 	if (data_len != data_left) {
 	    data_len = sn->len;
@@ -4176,7 +4181,7 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue
 	return(0);
     }
 
-    /* first try the der encoded serial number */
+    /* first try the serial number as hand-decoded above*/
     /* copy the serialNumber */
     PORT_Memcpy(certKey.data, &sn->data[index], data_len);
 
@@ -4189,7 +4194,7 @@ nsslowcert_FindCertByIssuerAndSN(NSSLOWCERTCertDBHandle *handle, NSSLOWCERTIssue
 	return (cert);
     }
 
-    /* didn't find it, try by old serial number */
+    /* didn't find it, try by der encoded serial number */
     /* copy the serialNumber */
     PORT_Memcpy(certKey.data, sn->data, sn->len);