From 467935176b90acf00475557bf1e6d03fed042752 Mon Sep 17 00:00:00 2001
From: "wtchang%redhat.com" <wtchang%redhat.com>
Date: Tue, 4 Jan 2005 22:00:01 +0000
Subject: [PATCH] Bugzilla Bug 276180: defend against invalid arguments to
 PK11_HashBuf and PK11_DigestOp. r=nelsonb.

---
 security/nss/lib/pk11wrap/pk11cxt.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/security/nss/lib/pk11wrap/pk11cxt.c b/security/nss/lib/pk11wrap/pk11cxt.c
index f0c41d052f0c..4428fda9bab3 100644
--- a/security/nss/lib/pk11wrap/pk11cxt.c
+++ b/security/nss/lib/pk11wrap/pk11cxt.c
@@ -624,6 +624,12 @@ PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
     unsigned int out_length;
     SECStatus rv;
 
+    /* len will be passed to PK11_DigestOp as unsigned. */
+    if (len < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     context = PK11_CreateDigestContext(hashAlg);
     if (context == NULL) return SECFailure;
 
@@ -771,6 +777,11 @@ PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen)
     CK_RV crv = CKR_OK;
     SECStatus rv = SECSuccess;
 
+    if (!in) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     /* if we ran out of session, we need to restore our previously stored
      * state.
      */