summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-01-09 21:39:28 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-09 21:39:28 +0100
commit8198126c39ff8752972c32bb877af5df5fb05c8e (patch)
treea9a876cffc2e9b8cd140aff9b0e4af8649443988
parentd429ac8a6035cd278ed1dc32599118e04ca0d2b6 (diff)
downloaduxp-8198126c39ff8752972c32bb877af5df5fb05c8e.tar.gz
Be more consistent about decoding IP addresses in PSM.
-rw-r--r--security/manager/ssl/TransportSecurityInfo.cpp5
-rw-r--r--security/manager/ssl/nsNSSCertHelper.cpp4
2 files changed, 7 insertions, 2 deletions
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
index 3c7023302b..3f4bf4a904 100644
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -8,6 +8,7 @@
#include "PSMRunnable.h"
#include "mozilla/Casting.h"
+#include "mozilla/net/DNS.h"
#include "nsComponentManagerUtils.h"
#include "nsIArray.h"
#include "nsICertOverrideService.h"
@@ -681,8 +682,10 @@ GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames)
case certIPAddress:
{
- char buf[INET6_ADDRSTRLEN];
+ // According to DNS.h, this includes space for the null-terminator
+ char buf[net::kNetAddrMaxCStrBufSize] = {0};
PRNetAddr addr;
+ memset(&addr, 0, sizeof(addr));
if (current->name.other.len == 4) {
addr.inet.family = PR_AF_INET;
memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp
index 64c87ad2f9..efcb8747a3 100644
--- a/security/manager/ssl/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -11,6 +11,7 @@
#include "mozilla/NotNull.h"
#include "mozilla/Sprintf.h"
#include "mozilla/UniquePtr.h"
+#include "mozilla/net/DNS.h"
#include "nsCOMPtr.h"
#include "nsComponentManagerUtils.h"
#include "nsDateTimeFormatCID.h"
@@ -1006,8 +1007,9 @@ ProcessGeneralName(const UniquePLArenaPool& arena, CERTGeneralName* current,
break;
case certIPAddress:
{
- char buf[INET6_ADDRSTRLEN];
PRStatus status = PR_FAILURE;
+ // According to DNS.h, this includes space for the null-terminator
+ char buf[net::kNetAddrMaxCStrBufSize] = {0};
PRNetAddr addr;
memset(&addr, 0, sizeof(addr));
nssComponent->GetPIPNSSBundleString("CertDumpIPAddress", key);