diff options
author | nelsonb%netscape.com <devnull@localhost> | 2002-11-16 03:19:48 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2002-11-16 03:19:48 +0000 |
commit | f5ffa40416741441330a7fa67612e5433818c12c (patch) | |
tree | e5f89e0e8f02631b1c4aafbb589a0964e4e9379c /security/nss/lib | |
parent | 00f43d102cb78cf80b0a692e56b88013f0cf83f3 (diff) | |
download | nss-hg-f5ffa40416741441330a7fa67612e5433818c12c.tar.gz |
Don't reject a cert request with an empty list of CA cert names.
Don't crash with an empty CA name list.
Diffstat (limited to 'security/nss/lib')
-rw-r--r-- | security/nss/lib/ssl/cmpcert.c | 5 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 2 |
2 files changed, 5 insertions, 2 deletions
diff --git a/security/nss/lib/ssl/cmpcert.c b/security/nss/lib/ssl/cmpcert.c index 5e557828e..9ca25c10b 100644 --- a/security/nss/lib/ssl/cmpcert.c +++ b/security/nss/lib/ssl/cmpcert.c @@ -64,7 +64,10 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) SECStatus rv; SECItem issuerName; SECItem compatIssuerName; - + + if (!cert || !caNames || !caNames->nnames || !caNames->names || + !caNames->names->data) + return SECFailure; depth=0; curcert = CERT_DupCertificate(cert); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 577cff49a..4bb873b03 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -4549,7 +4549,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ca_list.nnames = nnames; ca_list.names = (SECItem*)PORT_ArenaAlloc(arena, nnames * sizeof(SECItem)); - if (ca_list.names == NULL) + if (nnames > 0 && ca_list.names == NULL) goto no_mem; for(i = 0, node = (dnameNode*)ca_list.head; |