Chromium Code Reviews

Side by Side Diff: nss/lib/certdb/alg1485.c

Issue 15067014: Fix the invalid read (heap-buffer-overflow) error in AppendAVA(). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Sync Created 7 years, 7 months ago
OLD NEW
1 /* alg1485.c - implementation of RFCs 1485, 1779 and 2253. 1 /* alg1485.c - implementation of RFCs 1485, 1779 and 2253.
2 * 2 *
3 * This Source Code Form is subject to the terms of the Mozilla Public 3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this 4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 6
7 #include "prprf.h" 7 #include "prprf.h"
8 #include "cert.h" 8 #include "cert.h"
9 #include "certi.h" 9 #include "certi.h"
10 #include "xconst.h" 10 #include "xconst.h"
(...skipping 1018 matching lines...)
1029 end[-2] = '.'; 1029 end[-2] = '.';
1030 end[-3] = '.'; 1030 end[-3] = '.';
1031 } 1031 }
1032 rv = SECSuccess; 1032 rv = SECSuccess;
1033 } else if (!truncateValue) { 1033 } else if (!truncateValue) {
1034 rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen, 1034 rv = escapeAndQuote(encodedAVA + nameLen, len - nameLen,
1035 (char *)avaValue->data, avaValue->len, &mode); 1035 (char *)avaValue->data, avaValue->len, &mode);
1036 } else { 1036 } else {
1037 /* must truncate the escaped and quoted value */ 1037 /* must truncate the escaped and quoted value */
1038 char bigTmpBuf[TMPBUF_LEN * 3 + 3]; 1038 char bigTmpBuf[TMPBUF_LEN * 3 + 3];
1039 PORT_Assert(valueLen < sizeof tmpBuf);
1039 rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf, 1040 rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf,
1040 » » » (char *)avaValue->data, valueLen, &mode); 1041 » » » (char *)avaValue->data,
1042 » » » PR_MIN(avaValue->len, valueLen), &mode);
1041 1043
1042 bigTmpBuf[valueLen--] = '\0'; /* hard stop here */ 1044 bigTmpBuf[valueLen--] = '\0'; /* hard stop here */
1043 /* See if we're in the middle of a multi-byte UTF8 character */ 1045 /* See if we're in the middle of a multi-byte UTF8 character */
1044 while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) { 1046 while (((bigTmpBuf[valueLen] & 0xc0) == 0x80) && valueLen > 0) {
1045 bigTmpBuf[valueLen--] = '\0'; 1047 bigTmpBuf[valueLen--] = '\0';
1046 } 1048 }
1047 /* add ellipsis to signify truncation. */ 1049 /* add ellipsis to signify truncation. */
1048 bigTmpBuf[++valueLen] = '.'; 1050 bigTmpBuf[++valueLen] = '.';
1049 bigTmpBuf[++valueLen] = '.'; 1051 bigTmpBuf[++valueLen] = '.';
1050 bigTmpBuf[++valueLen] = '.'; 1052 bigTmpBuf[++valueLen] = '.';
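Review bot: The PR_MIN clamp on new line 1042 limits only the length read from avaValue->data, while new lines 1044-1052 still index bigTmpBuf with the unclamped valueLen. When avaValue->len is smaller than valueLen, which is the case the clamp exists for, `bigTmpBuf[valueLen--] = '\0'` and the UTF-8 back-scan that follows can touch bytes that escapeAndQuote may not have written. Consider clamping valueLen itself once before the call and using that single value for the read, the hard stop and the ellipsis. Separately, the added `PORT_Assert(valueLen < sizeof tmpBuf)` is compiled out of non-debug builds and is stated against tmpBuf while the writes go to bigTmpBuf, so it should not be the only bound on those writes; a runtime check that fails the call would hold in release builds too. Also, rv from escapeAndQuote is not checked before bigTmpBuf is modified in the lines shown.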
(...skipping 498 matching lines...)
1549 { 1551 {
1550 return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER)); 1552 return(CERT_GetNameElement(NULL, name, SEC_OID_AVA_DN_QUALIFIER));
1551 } 1553 }
1552 1554
1553 char * 1555 char *
1554 CERT_GetCertUid(const CERTName *name) 1556 CERT_GetCertUid(const CERTName *name)
1555 { 1557 {
1556 return(CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID)); 1558 return(CERT_GetNameElement(NULL, name, SEC_OID_RFC1274_UID));
1557 } 1559 }
1558 1560