Bug 394040 - Tstclnt crashed in NISCC testing, r=julien NSS_3_11_BRANCH
authornelson%bolyard.com
Sat, 01 Sep 2007 00:16:19 +0000
branchNSS_3_11_BRANCH
changeset 8028 4c6a4dd49d39621cccd3cbeed62caac2dc4d4337
parent 8025 772f32452cf1be2d315c8a4c7e522375579e229f
child 8032 e9f2153b564219ea2bcccc7440c3bcab5539d04c
push idunknown
push userunknown
push dateunknown
reviewersjulien
bugs394040
Bug 394040 - Tstclnt crashed in NISCC testing, r=julien
security/nss/lib/certdb/genname.c
security/nss/lib/certhigh/certvfy.c
--- a/security/nss/lib/certdb/genname.c
+++ b/security/nss/lib/certdb/genname.c
@@ -1449,24 +1449,27 @@ cert_CompareNameWithConstraints(CERTGene
 */
 SECStatus
 CERT_CompareNameSpace(CERTCertificate  *cert,
 		      CERTGeneralName  *namesList,
  		      CERTCertificate **certsList,
  		      PRArenaPool      *arena,
  		      CERTCertificate **pBadCert)
 {
-    SECStatus            rv;
+    SECStatus            rv = SECSuccess;
     SECItem              constraintsExtension;
     CERTNameConstraints  *constraints;
     CERTGeneralName      *currentName;
     int                  count = 0;
     CERTNameConstraint  *matchingConstraints;
     CERTCertificate      *badCert = NULL;
     
+    /* If no names to check, then no names can be bad. */
+    if (!namesList)
+    	goto done;
     constraintsExtension.data = NULL;
     rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS, 
                                 &constraintsExtension);
     if (rv != SECSuccess) {
 	if (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) {
 	    rv = SECSuccess;
 	} else {
 	    count = -1;
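Review bot: The new early exit in CERT_CompareNameSpace returns SECSuccess for a NULL namesList, so any caller that passes a NULL left over from a failed name extraction would have the name-constraints check pass silently. The certvfy.c hunk in this commit guards one caller, but the contract is not stated on the function itself. I would extend the header comment above the function with something like `/* A NULL namesList means "nothing to check" and yields SECSuccess; callers must reject a failed CERT_GetCertificateNames() before calling. */`. Separately, the `goto done` runs before `constraintsExtension.data = NULL;`, and the `done` label lies outside this hunk. If cleanup there reads that field it would be uninitialized on this path, so moving the assignment above the check removes the dependency.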
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -677,17 +677,21 @@ cert_VerifyCertChain(CERTCertDBHandle *h
 	 * intermediate CAs) to be verified against the name constraints 
 	 * extension of the issuer certificate. 
 	 */
 	if (subjectCertIsSelfIssued == PR_FALSE) {
 	    CERTGeneralName *subjectNameList;
 	    int subjectNameListLen;
 	    int i;
 	    subjectNameList    = CERT_GetCertificateNames(subjectCert, arena);
+	    if (!subjectNameList)
+		goto loser;
 	    subjectNameListLen = CERT_GetNamesLength(subjectNameList);
+	    if (!subjectNameListLen)
+		goto loser;
 	    if (certsListLen <= namesCount + subjectNameListLen) {
 		CERTCertificate **tmpCertsList;
 		certsListLen = (namesCount + subjectNameListLen) * 2;
 		tmpCertsList = 
 		    (CERTCertificate **)PORT_Realloc(certsList, 
 	                            certsListLen * sizeof(CERTCertificate *));
 		if (tmpCertsList == NULL) {
 		    goto loser;
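Review bot: Neither of the new `goto loser` exits sets an NSS error code, so when CERT_GetNamesLength() returns 0 the caller sees whatever error was set earlier. This assumes the `loser` label, which is outside this hunk, does not set one itself. Setting a code explicitly before the second exit, e.g. `PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);`, would make the rejection diagnosable; which code fits best is the maintainers' call. Because subjectNameListLen is an `int` that feeds the `certsListLen` sizing just below, testing `if (subjectNameListLen <= 0)` would also keep a negative length out of that arithmetic.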