diff options
| -rw-r--r-- | security/nss/lib/certdb/pcertdb.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/security/nss/lib/certdb/pcertdb.c b/security/nss/lib/certdb/pcertdb.c index f4f6d3483..a43ed584a 100644 --- a/security/nss/lib/certdb/pcertdb.c +++ b/security/nss/lib/certdb/pcertdb.c @@ -873,8 +873,14 @@ DecodeDBCrlEntry(certDBEntryRevocation *entry, SECItem *dbentry) nnlen = ( ( dbentry->data[2] << 8 ) | dbentry->data[3] ); if ( ( entry->derCrl.len + nnlen + DB_CRL_ENTRY_HEADER_LEN ) != dbentry->len) { - PORT_SetError(SEC_ERROR_BAD_DATABASE); - goto loser; + /* CRL entry is greater than 64 K. Hack to make this continue to work */ + if (dbentry->len >= (0xffff - DB_CRL_ENTRY_HEADER_LEN) - nnlen) { + entry->derCrl.len = + (dbentry->len - DB_CRL_ENTRY_HEADER_LEN) - nnlen; + } else { + PORT_SetError(SEC_ERROR_BAD_DATABASE); + goto loser; + } } /* copy the dercert */ |