author | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-07-11 11:13:18 +0200 |
---|---|---|
committer | Franziskus Kiefer <franziskuskiefer@gmail.com> | 2017-07-11 11:13:18 +0200 |
commit | 7aa140c91267914989c5d2ec1f9486a9c734033d (patch) | |
tree | 659820d2a4d8234f53525f6a348ff7b46350e8e3 /lib/certdb | |
parent | d0eb27b111f301dd88e8f0ffc58d288741676bff (diff) | |
Bug 1321998 - don't overrun OIDs in alg1485 part 2, r=ttaubert
Differential Revision: https://nss-review.dev.mozaws.net/D366
Diffstat (limited to 'lib/certdb')
-rw-r--r-- | lib/certdb/alg1485.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/certdb/alg1485.c b/lib/certdb/alg1485.c index cf3f85a3d..bab23be1c 100644 --- a/lib/certdb/alg1485.c +++ b/lib/certdb/alg1485.c @@ -733,6 +733,10 @@ CERT_GetOidString(const SECItem* oid) break; } } + /* There's no first bit set, so this isn't valid. Bail.*/ + if (last == stop) { + goto unsupported; + } bytesBeforeLast = (unsigned int)(last - first); if (bytesBeforeLast <= 3U) { /* 0-28 bit number */ PRUint32 n = 0; @@ -756,8 +760,9 @@ CERT_GetOidString(const SECItem* oid) n |= last[0] & 0x7f; break; } - if (last[0] & 0x80) + if (last[0] & 0x80) { goto unsupported; + } if (!rvString) { /* This is the first number.. decompose it */ |
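Review bot: the comment on the check added in the first hunk (`/* There's no first bit set, so this isn't valid. Bail.*/`) does not describe the condition it guards. `last == stop` means the scan ran to the end of the OID buffer without breaking, and the code that follows reads `last[0]`, which at that point is one byte past the data. Suggest wording the comment around that (the scan reached `stop`, so `last[0]` must not be read) so the reason for bailing is clear to the next reader. A regression test with an input that drives the scan to `stop` would also be worth adding, if one is not already in a directory outside this `lib/certdb` diffstat.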
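Review bot: in the second hunk the `if (last[0] & 0x80) {` test sits after `n |= last[0] & 0x7f;`, so the byte has already been read by the time it is checked, and this test cannot be what protects that read. The protection is the `last == stop` check added in the first hunk. Since this hunk only adds braces, consider adding a one-line comment that marks the test as a residual sanity check, or dropping it if the scan loop can only exit before `stop` on a byte with that bit clear (the loop condition is not visible in this diff, so that needs confirming against the full function).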