diff --git a/security/manager/ssl/src/TransportSecurityInfo.cpp b/security/manager/ssl/src/TransportSecurityInfo.cpp index efb54c5dd1ba..239edc251f44 100644 --- a/security/manager/ssl/src/TransportSecurityInfo.cpp +++ b/security/manager/ssl/src/TransportSecurityInfo.cpp @@ -20,6 +20,7 @@ #include "nsIProgrammingLanguage.h" #include "nsIArray.h" #include "nsComponentManagerUtils.h" +#include "nsReadableUtils.h" #include "nsServiceManagerUtils.h" #include "PSMRunnable.h" @@ -624,12 +625,21 @@ GetSubjectAltNames(CERTCertificate *nssCert, nsAutoString name; switch (current->type) { case certDNSName: - name.AssignASCII((char*)current->name.other.data, current->name.other.len); - if (!allNames.IsEmpty()) { - allNames.AppendLiteral(", "); + { + nsDependentCSubstring nameFromCert(reinterpret_cast + (current->name.other.data), + current->name.other.len); + // dNSName fields are defined as type IA5String and thus should + // be limited to ASCII characters. + if (IsASCII(nameFromCert)) { + name.Assign(NS_ConvertASCIItoUTF16(nameFromCert)); + if (!allNames.IsEmpty()) { + allNames.AppendLiteral(", "); + } + ++nameCount; + allNames.Append(name); + } } - ++nameCount; - allNames.Append(name); break; case certIPAddress: @@ -709,8 +719,15 @@ AppendErrorTextMismatch(const nsString &host, if (!useSAN) { char *certName = CERT_GetCommonName(&nssCert->subject); if (certName) { - ++nameCount; - allNames.Assign(NS_ConvertUTF8toUTF16(certName)); + nsDependentCSubstring commonName(certName, strlen(certName)); + if (IsUTF8(commonName)) { + // Bug 1024781 + // We should actually check that the common name is a valid dns name or + // ip address and not any string value before adding it to the display + // list. + ++nameCount; + allNames.Assign(NS_ConvertUTF8toUTF16(commonName)); + } PORT_Free(certName); } }