summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-01-09 21:39:28 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-11 13:45:47 +0100
commitd0256e1afc1ba721e98f377d8925e7b7282f5a99 (patch)
treeb64c13a9f169493e4d9e7f29ec15d2b5689dc267
parent19939f17f015f2155894f8e4c5e4ec9b8acc3ddc (diff)
downloaduxp-d0256e1afc1ba721e98f377d8925e7b7282f5a99.tar.gz
Be more consistent about decoding IP addresses in PSM.
-rw-r--r--security/manager/ssl/TransportSecurityInfo.cpp5
-rw-r--r--security/manager/ssl/nsNSSCertHelper.cpp4
2 files changed, 7 insertions, 2 deletions
diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
index 3c7023302b..3f4bf4a904 100644
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -8,6 +8,7 @@
#include "PSMRunnable.h"
#include "mozilla/Casting.h"
+#include "mozilla/net/DNS.h"
#include "nsComponentManagerUtils.h"
#include "nsIArray.h"
#include "nsICertOverrideService.h"
@@ -681,8 +682,10 @@ GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames)
case certIPAddress:
{
- char buf[INET6_ADDRSTRLEN];
+ // According to DNS.h, this includes space for the null-terminator
+ char buf[net::kNetAddrMaxCStrBufSize] = {0};
PRNetAddr addr;
+ memset(&addr, 0, sizeof(addr));
if (current->name.other.len == 4) {
addr.inet.family = PR_AF_INET;
memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp
index 64c87ad2f9..efcb8747a3 100644
--- a/security/manager/ssl/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -11,6 +11,7 @@
#include "mozilla/NotNull.h"
#include "mozilla/Sprintf.h"
#include "mozilla/UniquePtr.h"
+#include "mozilla/net/DNS.h"
#include "nsCOMPtr.h"
#include "nsComponentManagerUtils.h"
#include "nsDateTimeFormatCID.h"
@@ -1006,8 +1007,9 @@ ProcessGeneralName(const UniquePLArenaPool& arena, CERTGeneralName* current,
break;
case certIPAddress:
{
- char buf[INET6_ADDRSTRLEN];
PRStatus status = PR_FAILURE;
+ // According to DNS.h, this includes space for the null-terminator
+ char buf[net::kNetAddrMaxCStrBufSize] = {0};
PRNetAddr addr;
memset(&addr, 0, sizeof(addr));
nssComponent->GetPIPNSSBundleString("CertDumpIPAddress", key);