Treat empty SubjectAltName extensions as if they were non-existant.

Bugs 162979 166454.

security/nss/lib/certdb/genname.c

@@ -960,9 +960,6 @@ CERT_GetCertificateNames(CERTCertificate *cert, PRArenaPool *arena)
     }
     altName = CERT_DecodeAltNameExtension(arena, &altNameExtension);
     PORT_Free(altNameExtension.data);
-    if (altName == NULL) {
-	goto loser;
-    }
     DN = cert_CombineNamesLists(DN, altName);
     return DN;
 loser:

security/nss/lib/certdb/xconst.c

@@ -48,16 +48,16 @@
 #include "xconst.h"
 #include "genname.h"
 #include "secasn1.h"
-
+#include "secerr.h"
 
 
 static const SEC_ASN1Template CERTSubjectKeyIDTemplate[] = {
-{ SEC_ASN1_OCTET_STRING }
+    { SEC_ASN1_OCTET_STRING }
 };
 
 
 static const SEC_ASN1Template CERTIA5TypeTemplate[] = {
-{ SEC_ASN1_IA5_STRING }
+    { SEC_ASN1_IA5_STRING }
 };
 
 
@@ -176,7 +176,11 @@ CERT_DecodeAltNameExtension(PRArenaPool *arena, SECItem *EncodedAltName)
     if (rv == SECFailure) {
 	goto loser;
     }
-    return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName);
+    if (encodedContext.encodedGenName)
+	return cert_DecodeGeneralNames(arena, encodedContext.encodedGenName);
+    /* Extension contained an empty GeneralNames sequence */
+    /* Treat as extension not found */
+    PORT_SetError(SEC_ERROR_EXTENSION_NOT_FOUND);
 loser:
     return NULL;
 }