From efadf0a6ab06da5581895ade8d262695b4c6a13b Mon Sep 17 00:00:00 2001 From: "wtc%google.com" Date: Thu, 16 Sep 2010 17:37:05 +0000 Subject: Bug 595264: Fix an infinite loop in pkix_pl_InfoAccess_ParseTokens if the input contains a "%" hex hex escape sequence that's not the expected "%20". The patch is contributed by Adam Langley of Google . r=wtc,alexei. --- .../nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) (limited to 'security/nss/lib/libpkix') diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c index c7a2c1691..a3a7d063b 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c @@ -575,7 +575,6 @@ pkix_pl_InfoAccess_ParseTokens( { PKIX_UInt32 len = 0; PKIX_UInt32 numFilters = 0; - PKIX_Int32 cmpResult = -1; char *endPos = NULL; char *p = NULL; char **filterP = NULL; @@ -629,14 +628,12 @@ pkix_pl_InfoAccess_ParseTokens( *filterP = p; while (len) { - if (**startPos == '%') { + if (**startPos == '%' && + strncmp(*startPos, "%20", 3) == 0) { /* replace %20 by blank */ - cmpResult = strncmp(*startPos, "%20", 3); - if (cmpResult == 0) { - *p = ' '; - *startPos += 3; - len -= 3; - } + *p = ' '; + *startPos += 3; + len -= 3; } else { *p = **startPos; (*startPos)++; -- cgit v1.2.1