summaryrefslogtreecommitdiff
path: root/security/nss/lib/certdb/alg1485.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/certdb/alg1485.c')
-rw-r--r--security/nss/lib/certdb/alg1485.c22
1 files changed, 15 insertions, 7 deletions
diff --git a/security/nss/lib/certdb/alg1485.c b/security/nss/lib/certdb/alg1485.c
index 38b2fe4b51..9a69c5bc51 100644
--- a/security/nss/lib/certdb/alg1485.c
+++ b/security/nss/lib/certdb/alg1485.c
@@ -703,14 +703,19 @@ CERT_GetOidString(const SECItem* oid)
return NULL;
}
+ /* If the OID has length 1, we bail. */
+ if (oid->len < 2) {
+ return NULL;
+ }
+
/* first will point to the next sequence of bytes to decode */
first = (PRUint8*)oid->data;
/* stop points to one past the legitimate data */
stop = &first[oid->len];
/*
- * Check for our pseudo-encoded single-digit OIDs
- */
+ * Check for our pseudo-encoded single-digit OIDs
+ */
if ((*first == 0x80) && (2 == oid->len)) {
/* Funky encoding. The second byte is the number */
rvString = PR_smprintf("%lu", (PRUint32)first[1]);
@@ -728,6 +733,10 @@ CERT_GetOidString(const SECItem* oid)
break;
}
}
+ /* There's no first bit set, so this isn't valid. Bail.*/
+ if (last == stop) {
+ goto unsupported;
+ }
bytesBeforeLast = (unsigned int)(last - first);
if (bytesBeforeLast <= 3U) { /* 0-28 bit number */
PRUint32 n = 0;
@@ -748,12 +757,12 @@ CERT_GetOidString(const SECItem* oid)
CASE(2, 0x7f);
CASE(1, 0x7f);
case 0:
- n |=
- last[0] & 0x7f;
+ n |= last[0] & 0x7f;
break;
}
- if (last[0] & 0x80)
+ if (last[0] & 0x80) {
goto unsupported;
+ }
if (!rvString) {
/* This is the first number.. decompose it */
@@ -1305,8 +1314,7 @@ CERT_GetCertificateEmailAddress(CERTCertificate* cert)
}
} else if (current->type == certRFC822Name) {
rawEmailAddr =
- (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len +
- 1);
+ (char*)PORT_ArenaZAlloc(cert->arena, current->name.other.len + 1);
if (!rawEmailAddr) {
goto finish;
}