Bug 1314604 - Extra checking when validating DH shares, r=rrelyea

author: Martin Thomson <martin.thomson@gmail.com> 2016-11-08 12:07:02 +0100
committer: Martin Thomson <martin.thomson@gmail.com> 2016-11-08 12:07:02 +0100
commit: 2da6129f570659a35dd0c83895d7791e04fa699e (patch)
tree: eb419d8326c230b8379b2322505e7aaf5efea9c8 /lib/ssl/sslsock.c
parent: 554c65cb5fce86d04241a39fa4ec597c31b2a9fc (diff)
download: nss-hg-2da6129f570659a35dd0c83895d7791e04fa699e.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 7923bb80c..8f7a792f4 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -1668,6 +1668,9 @@ ssl_IsValidDHEShare(const SECItem *dh_p, const SECItem *dh_Ys)
     unsigned int commonPart;
     int cmp;
 
+    if (dh_p->len == 0 || dh_Ys->len == 0) {
+        return PR_FALSE;
+    }
     /* Check that the prime is at least odd. */
     if ((dh_p->data[dh_p->len - 1] & 0x01) == 0) {
         return PR_FALSE;
author	Martin Thomson <martin.thomson@gmail.com>	2016-11-08 12:07:02 +0100
committer	Martin Thomson <martin.thomson@gmail.com>	2016-11-08 12:07:02 +0100
commit	2da6129f570659a35dd0c83895d7791e04fa699e (patch)
tree	eb419d8326c230b8379b2322505e7aaf5efea9c8 /lib/ssl/sslsock.c
parent	554c65cb5fce86d04241a39fa4ec597c31b2a9fc (diff)
download	nss-hg-2da6129f570659a35dd0c83895d7791e04fa699e.tar.gz