Don't reject a cert request with an empty list of CA cert names.

Don't crash with an empty CA name list.

2 files changed, 5 insertions, 2 deletions

diff --git a/security/nss/lib/ssl/cmpcert.c b/security/nss/lib/ssl/cmpcert.c
index 5e557828e..9ca25c10b 100644
--- a/security/nss/lib/ssl/cmpcert.c
+++ b/security/nss/lib/ssl/cmpcert.c
@@ -64,7 +64,10 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames)
   SECStatus         rv;
   SECItem           issuerName;
   SECItem           compatIssuerName;
-  
+
+  if (!cert || !caNames || !caNames->nnames || !caNames->names ||
+      !caNames->names->data)
+    return SECFailure;
   depth=0;
   curcert = CERT_DupCertificate(cert);
   
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 577cff49a..4bb873b03 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -4549,7 +4549,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 
     ca_list.nnames = nnames;
     ca_list.names  = (SECItem*)PORT_ArenaAlloc(arena, nnames * sizeof(SECItem));
-    if (ca_list.names == NULL)
+    if (nnames > 0 && ca_list.names == NULL)
         goto no_mem;
 
     for(i = 0, node = (dnameNode*)ca_list.head;