summaryrefslogtreecommitdiff
path: root/security/nss/lib/libpkix
diff options
context:
space:
mode:
authorwtc%google.com <devnull@localhost>2010-09-16 17:37:05 +0000
committerwtc%google.com <devnull@localhost>2010-09-16 17:37:05 +0000
commitefadf0a6ab06da5581895ade8d262695b4c6a13b (patch)
tree83086bbe96863c63ff0680c94d14f13ecd6096c4 /security/nss/lib/libpkix
parent1241e7861384271de3dcce6656e0a3b6f1b8835d (diff)
downloadnss-hg-efadf0a6ab06da5581895ade8d262695b4c6a13b.tar.gz
Bug 595264: Fix an infinite loop in pkix_pl_InfoAccess_ParseTokens if the
input contains a "%" hex hex escape sequence that's not the expected "%20". The patch is contributed by Adam Langley of Google <agl@chromium.org>. r=wtc,alexei.
Diffstat (limited to 'security/nss/lib/libpkix')
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
index c7a2c1691..a3a7d063b 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
@@ -575,7 +575,6 @@ pkix_pl_InfoAccess_ParseTokens(
{
PKIX_UInt32 len = 0;
PKIX_UInt32 numFilters = 0;
- PKIX_Int32 cmpResult = -1;
char *endPos = NULL;
char *p = NULL;
char **filterP = NULL;
@@ -629,14 +628,12 @@ pkix_pl_InfoAccess_ParseTokens(
*filterP = p;
while (len) {
- if (**startPos == '%') {
+ if (**startPos == '%' &&
+ strncmp(*startPos, "%20", 3) == 0) {
/* replace %20 by blank */
- cmpResult = strncmp(*startPos, "%20", 3);
- if (cmpResult == 0) {
- *p = ' ';
- *startPos += 3;
- len -= 3;
- }
+ *p = ' ';
+ *startPos += 3;
+ len -= 3;
} else {
*p = **startPos;
(*startPos)++;
View Lorry Controller Status