From 6b4fae5a4aa11251aaf6763f07634c1f8a7f83f7 Mon Sep 17 00:00:00 2001 From: "nelsonb%netscape.com" Date: Sat, 16 Nov 2002 03:19:48 +0000 Subject: [PATCH] Don't reject a cert request with an empty list of CA cert names. Don't crash with an empty CA name list. --- security/nss/lib/ssl/cmpcert.c | 7 +++++-- security/nss/lib/ssl/ssl3con.c | 4 ++-- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/security/nss/lib/ssl/cmpcert.c b/security/nss/lib/ssl/cmpcert.c index 67fc598a65d1..11f76c4f013a 100644 --- a/security/nss/lib/ssl/cmpcert.c +++ b/security/nss/lib/ssl/cmpcert.c @@ -32,7 +32,7 @@ * may use your version of this file under either the MPL or the * GPL. * - * $Id: cmpcert.c,v 1.1 2000/03/31 19:31:24 relyea%netscape.com Exp $ + * $Id: cmpcert.c,v 1.2 2002/11/16 03:19:47 nelsonb%netscape.com Exp $ */ #include @@ -64,7 +64,10 @@ NSS_CmpCertChainWCANames(CERTCertificate *cert, CERTDistNames *caNames) SECStatus rv; SECItem issuerName; SECItem compatIssuerName; - + + if (!cert || !caNames || !caNames->nnames || !caNames->names || + !caNames->names->data) + return SECFailure; depth=0; curcert = CERT_DupCertificate(cert); diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 0e1e893860fb..780a38f1457a 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -33,7 +33,7 @@ * may use your version of this file under either the MPL or the * GPL. * - * $Id: ssl3con.c,v 1.43 2002/11/05 00:25:19 nelsonb%netscape.com Exp $ + * $Id: ssl3con.c,v 1.44 2002/11/16 03:19:48 nelsonb%netscape.com Exp $ */ #include "nssrenam.h" @@ -4549,7 +4549,7 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length) ca_list.nnames = nnames; ca_list.names = (SECItem*)PORT_ArenaAlloc(arena, nnames * sizeof(SECItem)); - if (ca_list.names == NULL) + if (nnames > 0 && ca_list.names == NULL) goto no_mem; for(i = 0, node = (dnameNode*)ca_list.head;