Bug 1321998 - don't overrun OIDs in alg1485 part 2, r=ttaubert

Differential Revision: https://nss-review.dev.mozaws.net/D366
author: Franziskus Kiefer <franziskuskiefer@gmail.com> 2017-07-11 11:13:18 +0200
committer: Franziskus Kiefer <franziskuskiefer@gmail.com> 2017-07-11 11:13:18 +0200
commit: 7aa140c91267914989c5d2ec1f9486a9c734033d (patch)
tree: 659820d2a4d8234f53525f6a348ff7b46350e8e3 /lib/certdb
parent: d0eb27b111f301dd88e8f0ffc58d288741676bff (diff)
download: nss-hg-7aa140c91267914989c5d2ec1f9486a9c734033d.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/certdb/alg1485.c b/lib/certdb/alg1485.c
index cf3f85a3d..bab23be1c 100644
--- a/lib/certdb/alg1485.c
+++ b/lib/certdb/alg1485.c
@@ -733,6 +733,10 @@ CERT_GetOidString(const SECItem* oid)
                 break;
             }
         }
+        /* There's no first bit set, so this isn't valid. Bail.*/
+        if (last == stop) {
+            goto unsupported;
+        }
         bytesBeforeLast = (unsigned int)(last - first);
         if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
             PRUint32 n = 0;
@@ -756,8 +760,9 @@ CERT_GetOidString(const SECItem* oid)
                     n |= last[0] & 0x7f;
                     break;
             }
-            if (last[0] & 0x80)
+            if (last[0] & 0x80) {
                 goto unsupported;
+            }
 
             if (!rvString) {
                 /* This is the first number.. decompose it */
author	Franziskus Kiefer <franziskuskiefer@gmail.com>	2017-07-11 11:13:18 +0200
committer	Franziskus Kiefer <franziskuskiefer@gmail.com>	2017-07-11 11:13:18 +0200
commit	7aa140c91267914989c5d2ec1f9486a9c734033d (patch)
tree	659820d2a4d8234f53525f6a348ff7b46350e8e3 /lib/certdb
parent	d0eb27b111f301dd88e8f0ffc58d288741676bff (diff)
download	nss-hg-7aa140c91267914989c5d2ec1f9486a9c734033d.tar.gz