summaryrefslogtreecommitdiff
path: root/lib/cryptohi
diff options
context:
space:
mode:
authorMartin Thomson <mt@lowentropy.net>2019-06-14 07:55:51 +0000
committerMartin Thomson <mt@lowentropy.net>2019-06-14 07:55:51 +0000
commiteaec77f82b1e91443390c48988019b29aa239e12 (patch)
treee52558344bd67c238a28e0470d400ea859f8562f /lib/cryptohi
parenta1ee946c15e011755c1ddff72a14b5563f670ccd (diff)
downloadnss-hg-eaec77f82b1e91443390c48988019b29aa239e12.tar.gz
Bug 1515342 - More thorough input checking, r=jcj
All part of applying better discipline throughout. Differential Revision: https://phabricator.services.mozilla.com/D33736
Diffstat (limited to 'lib/cryptohi')
-rw-r--r--lib/cryptohi/seckey.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/cryptohi/seckey.c b/lib/cryptohi/seckey.c
index 75c97faee..fa13bc33e 100644
--- a/lib/cryptohi/seckey.c
+++ b/lib/cryptohi/seckey.c
@@ -639,6 +639,11 @@ seckey_ExtractPublicKey(const CERTSubjectPublicKeyInfo *spki)
return pubk;
break;
case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+ /* A basic sanity check on inputs. */
+ if (spki->algorithm.parameters.len == 0 || newOs.len == 0) {
+ PORT_SetError(SEC_ERROR_INPUT_LEN);
+ break;
+ }
pubk->keyType = ecKey;
pubk->u.ec.size = 0;