diff options
| -rw-r--r-- | security/nss/lib/cryptohi/secvfy.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/nss/lib/cryptohi/secvfy.c b/security/nss/lib/cryptohi/secvfy.c index f4de15f77..94a0b3563 100644 --- a/security/nss/lib/cryptohi/secvfy.c +++ b/security/nss/lib/cryptohi/secvfy.c @@ -54,11 +54,12 @@ ** Decrypt signature block using public key ** Store the hash algorithm oid tag in *tagp ** Store the digest in the digest buffer +** Store the digest length in *digestlen ** XXX this is assuming that the signature algorithm has WITH_RSA_ENCRYPTION */ static SECStatus DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, - unsigned int *digestlen, unsigned int len, + unsigned int *digestlen, unsigned int maxdigestlen, SECKEYPublicKey *key, const SECItem *sig, char *wincx) { SGNDigestInfo *di = NULL; @@ -94,7 +95,7 @@ DecryptSigBlock(SECOidTag *tagp, unsigned char *digest, if (di->digestAlgorithm.parameters.len > 2) { goto sigloser; } - if (di->digest.len > len) { + if (di->digest.len > maxdigestlen) { PORT_SetError(SEC_ERROR_OUTPUT_LEN); goto loser; } |