Fix for bug 193691 . Make QuickDER return an error rather than assert if extraneous data is present in the buffer

2 files changed, 7 insertions, 3 deletions

diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c
index 92d693971..1b4765812 100644
--- a/security/nss/lib/util/quickder.c
+++ b/security/nss/lib/util/quickder.c
@@ -901,7 +901,11 @@ SECStatus SEC_QuickDERDecodeItem(PRArenaPool* arena, void* dest,
         else
         {
             PORT_ArenaUnmark(arena, savpos);
-            PORT_Assert(0 == newsrc.len);
+            if (newsrc.len)
+            {
+                rv = SECFailure;
+                PORT_SetError(SEC_ERROR_BAD_DER_EXTRA_DATA);
+            }
         }
     }
 
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index 7e139cae1..ad7c5d8ff 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -184,8 +184,8 @@ SEC_ERROR_MODULE_STUCK			    =	(SEC_ERROR_BASE + 135),
 SEC_ERROR_BAD_TEMPLATE			    =	(SEC_ERROR_BASE + 136),
 SEC_ERROR_CRL_NOT_FOUND 		    =	(SEC_ERROR_BASE + 137),
 SEC_ERROR_REUSED_ISSUER_AND_SERIAL          =   (SEC_ERROR_BASE + 138),
-SEC_ERROR_BUSY                              =   (SEC_ERROR_BASE + 139)
-
+SEC_ERROR_BUSY                              =   (SEC_ERROR_BASE + 139),
+SEC_ERROR_BAD_DER_EXTRA_DATA                =   (SEC_ERROR_BASE + 140)
 } SECErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */