authorDana Keeler <dkeeler@mozilla.com>2020-02-11 22:53:37 +0000
committerDana Keeler <dkeeler@mozilla.com>2020-02-11 22:53:37 +0000
commit2b7190b6db40ec0abefaeb1ab7c9a1f45947263a (patch)
tree5b89d50edf84b217c25a120363b8889a91d4cf65 /cmd/lib
parent79e1c1c65c502537e0438147b1173c967294e54b (diff)
bug 1538980 - null-terminate ascii input in SECU_ReadDERFromFile so strstr is safe to call r=jcj,kjacobs
Differential Revision: https://phabricator.services.mozilla.com/D61931
Diffstat (limited to 'cmd/lib')
-rw-r--r--cmd/lib/secutil.c22
1 files changed, 11 insertions, 11 deletions
diff --git a/cmd/lib/secutil.c b/cmd/lib/secutil.c
index 703845e98..b05dc7938 100644
--- a/cmd/lib/secutil.c
+++ b/cmd/lib/secutil.c
@@ -494,23 +494,30 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
if (ascii) {
/* First convert ascii to binary */
SECItem filedata;
- char *asc, *body;
/* Read in ascii data */
rv = SECU_FileToItem(&filedata, inFile);
if (rv != SECSuccess)
return rv;
- asc = (char *)filedata.data;
- if (!asc) {
+ if (!filedata.data) {
fprintf(stderr, "unable to read data from input file\n");
return SECFailure;
}
+ /* need one additional byte for zero terminator */
+ rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1);
+ if (rv != SECSuccess) {
+ PORT_Free(filedata.data);
+ return rv;
+ }
+ char *asc = (char *)filedata.data;
+ asc[filedata.len - 1] = '\0';
if (warnOnPrivateKeyInAsciiFile && strstr(asc, "PRIVATE KEY")) {
fprintf(stderr, "Warning: ignoring private key. Consider to use "
"pk12util.\n");
}
+ char *body;
/* check for headers and trailers and remove them */
if ((body = strstr(asc, "-----BEGIN")) != NULL) {
char *trailer = NULL;
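Review bot: The terminator write `asc[filedata.len - 1] = '\0';` is in bounds only if SECITEM_ReallocItemV2 has already set filedata.len to the enlarged length, and nothing in the hunk states that dependency. I would extend the comment above the realloc to `/* one extra byte for the zero terminator; ReallocItemV2 updates filedata.len, so len - 1 is the new last byte */`. From this point filedata.len also counts the terminator on the header/trailer path, not only in the else branch, so any length-based use of filedata in the part of SECU_ReadDERFromFile outside this hunk should be checked against that. Both strstr scans still stop at the first embedded NUL byte in the file, so the private-key warning is best-effort for inputs that contain one.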
@@ -528,14 +535,7 @@ SECU_ReadDERFromFile(SECItem *der, PRFileDesc *inFile, PRBool ascii,
return SECFailure;
}
} else {
- /* need one additional byte for zero terminator */
- rv = SECITEM_ReallocItemV2(NULL, &filedata, filedata.len + 1);
- if (rv != SECSuccess) {
- PORT_Free(filedata.data);
- return rv;
- }
- body = (char *)filedata.data;
- body[filedata.len - 1] = '\0';
+ body = asc;
}
/* Convert to binary */