diff options
author | nelsonb%netscape.com <devnull@localhost> | 2003-07-31 00:16:27 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2003-07-31 00:16:27 +0000 |
commit | d4d9f885d9a22b333199ed6e47dddb40e89d6f2d (patch) | |
tree | f803a0cf8ea385e3ce51b828a1d80ea0bb816cae /security/nss/lib/cryptohi | |
parent | afcdd92254335765601d05d58ba9ca8fa6fa2da4 (diff) | |
download | nss-hg-d4d9f885d9a22b333199ed6e47dddb40e89d6f2d.tar.gz |
Fix bug 213084. Detect when cert in signature cannot be imported.
Detect NULL pointer, don't crash.
Diffstat (limited to 'security/nss/lib/cryptohi')
-rw-r--r-- | security/nss/lib/cryptohi/seckey.c | 26 |
1 files changed, 17 insertions, 9 deletions
diff --git a/security/nss/lib/cryptohi/seckey.c b/security/nss/lib/cryptohi/seckey.c index 034376019..b39ba988f 100644 --- a/security/nss/lib/cryptohi/seckey.c +++ b/security/nss/lib/cryptohi/seckey.c @@ -430,7 +430,7 @@ done: * formats. The public key extraction code will deal with the different * formats at the time of extraction. */ -SECStatus +static SECStatus seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count) { SECStatus rv, rvCompare; @@ -484,16 +484,16 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count) /* check if the cert is self-signed */ rvCompare = (SECStatus)SECITEM_CompareItem(&subjectCert->derSubject, &subjectCert->derIssuer); - if (rvCompare == SECEqual) { - /* fail since cert is self-signed and has no pqg params. */ - return SECFailure; - } + if (rvCompare == SECEqual) { + /* fail since cert is self-signed and has no pqg params. */ + return SECFailure; + } /* get issuer cert */ issuerCert = CERT_FindCertIssuer(subjectCert, PR_Now(), certUsageAnyCA); - if ( ! issuerCert ) { - return SECFailure; - } + if ( ! issuerCert ) { + return SECFailure; + } /* if parent is not DSA or fortezza, return failure since we don't allow this case. */ @@ -552,7 +552,11 @@ seckey_UpdateCertPQGChain(CERTCertificate * subjectCert, int count) SECStatus SECKEY_UpdateCertPQG(CERTCertificate * subjectCert) { - return(seckey_UpdateCertPQGChain(subjectCert,0)); + if (!subjectCert) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; + } + return seckey_UpdateCertPQGChain(subjectCert,0); } @@ -1148,6 +1152,10 @@ CERT_ExtractPublicKey(CERTCertificate *cert) { SECStatus rv; + if (!cert) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } rv = SECKEY_UpdateCertPQG(cert); if (rv != SECSuccess) return NULL; |