Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(160)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: patches/nss-appendava-invalid-read.patch

Issue 15067014: Fix the invalid read (heap-buffer-overflow) error in AppendAVA(). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Sync Created 7 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « nss/lib/certdb/alg1485.c ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: patches/nss-appendava-invalid-read.patch
===================================================================
--- patches/nss-appendava-invalid-read.patch (revision 0)
+++ patches/nss-appendava-invalid-read.patch (revision 0)
@@ -0,0 +1,16 @@
+Index: lib/certdb/alg1485.c
+===================================================================
+--- lib/certdb/alg1485.c (revision 199075)
++++ lib/certdb/alg1485.c (working copy)
+@@ -1036,8 +1036,10 @@
+ } else {
+ /* must truncate the escaped and quoted value */
+ char bigTmpBuf[TMPBUF_LEN * 3 + 3];
++ PORT_Assert(valueLen < sizeof tmpBuf);
+ rv = escapeAndQuote(bigTmpBuf, sizeof bigTmpBuf,
+- (char *)avaValue->data, valueLen, &mode);
++ (char *)avaValue->data,
++ PR_MIN(avaValue->len, valueLen), &mode);
+
+ bigTmpBuf[valueLen--] = '\0'; /* hard stop here */
+ /* See if we're in the middle of a multi-byte UTF8 character */
« no previous file with comments | « nss/lib/certdb/alg1485.c ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698