diff options
Diffstat (limited to 'security/manager/ssl/nsNSSIOLayer.cpp')
-rw-r--r-- | security/manager/ssl/nsNSSIOLayer.cpp | 58 |
1 files changed, 1 insertions, 57 deletions
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp index 93fca396b1..d2549c52df 100644 --- a/security/manager/ssl/nsNSSIOLayer.cpp +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -1916,59 +1916,12 @@ nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings, } SECItem* dername; - SECStatus rv; - int headerlen; - uint32_t contentlen; - SECItem newitem; int n; char* namestring; for (n = 0; n < caNames->nnames; n++) { - newitem.data = nullptr; dername = &caNames->names[n]; - rv = DER_Lengths(dername, &headerlen, &contentlen); - - if (rv != SECSuccess) { - goto loser; - } - - if (headerlen + contentlen != dername->len) { - // This must be from an enterprise 2.x server, which sent - // incorrectly formatted der without the outer wrapper of type and - // length. Fix it up by adding the top level header. - if (dername->len <= 127) { - newitem.data = (unsigned char*) PR_Malloc(dername->len + 2); - if (!newitem.data) { - goto loser; - } - newitem.data[0] = (unsigned char) 0x30; - newitem.data[1] = (unsigned char) dername->len; - (void) memcpy(&newitem.data[2], dername->data, dername->len); - } else if (dername->len <= 255) { - newitem.data = (unsigned char*) PR_Malloc(dername->len + 3); - if (!newitem.data) { - goto loser; - } - newitem.data[0] = (unsigned char) 0x30; - newitem.data[1] = (unsigned char) 0x81; - newitem.data[2] = (unsigned char) dername->len; - (void) memcpy(&newitem.data[3], dername->data, dername->len); - } else { - // greater than 256, better be less than 64k - newitem.data = (unsigned char*) PR_Malloc(dername->len + 4); - if (!newitem.data) { - goto loser; - } - newitem.data[0] = (unsigned char) 0x30; - newitem.data[1] = (unsigned char) 0x82; - newitem.data[2] = (unsigned char) ((dername->len >> 8) & 0xff); - newitem.data[3] = (unsigned char) (dername->len & 0xff); - memcpy(&newitem.data[4], dername->data, dername->len); - } - dername = &newitem; - } - namestring = CERT_DerNameToAscii(dername); if (!namestring) { // XXX - keep going until we fail to convert the name @@ -1977,21 +1930,12 @@ nsConvertCANamesToStrings(const UniquePLArenaPool& arena, char** caNameStrings, caNameStrings[n] = PORT_ArenaStrdup(arena.get(), namestring); PR_Free(namestring); if (!caNameStrings[n]) { - goto loser; + return SECFailure; } } - - if (newitem.data) { - PR_Free(newitem.data); - } } return SECSuccess; -loser: - if (newitem.data) { - PR_Free(newitem.data); - } - return SECFailure; } // Possible behaviors for choosing a cert for client auth. |