Bug 453227 - "Client certificate installation fails" (short term fix for 1.9.0 branch only) [p=nelson@bolyard.com (Nelson Bolyard [MisterSSL]) / kaie@kuix.de (Kai Engert [kaie]) r=kaie r=nelson r+sr=wtc a=dveditz] GECKO190_20080827_RELBRANCH FIREFOX_3_0_2_BUILD5 FIREFOX_3_0_2_BUILD6 FIREFOX_3_0_2_RELEASE FIREFOX_3_0_3_BUILD1 FIREFOX_3_0_3_RELEASE
authorreed%reedloden.com
Fri, 05 Sep 2008 18:06:20 +0000
branchGECKO190_20080827_RELBRANCH
changeset 8724 4d1641699c62cbcdcca6f57a4a4f7f1b7c240ab1
parent 8707 4d4f2367cf188bc4209b304befbd77b544bd98c5
child 13690 9f917933a4c55fd54900519b467d2b6546551fdc
push idunknown
push userunknown
push dateunknown
reviewerskaie, nelson, dveditz
bugs453227
Bug 453227 - "Client certificate installation fails" (short term fix for 1.9.0 branch only) [p=nelson@bolyard.com (Nelson Bolyard [MisterSSL]) / kaie@kuix.de (Kai Engert [kaie]) r=kaie r=nelson r+sr=wtc a=dveditz]
security/nss/lib/nss/nss.h
security/nss/lib/pkcs7/certread.c
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -65,17 +65,17 @@ SEC_BEGIN_PROTOS
 
 /*
  * NSS's major version, minor version, patch level, and whether
  * this is a beta release.
  *
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION  "3.12.1.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
+#define NSS_VERSION  "3.12.1.1" _NSS_ECC_STRING _NSS_CUSTOMIZED
 #define NSS_VMAJOR   3
 #define NSS_VMINOR   12
 #define NSS_VPATCH   1
 #define NSS_BETA     PR_FALSE
 
 /*
  * Return a boolean that indicates whether the underlying library
  * will perform as the caller expects.
--- a/security/nss/lib/pkcs7/certread.c
+++ b/security/nss/lib/pkcs7/certread.c
@@ -327,18 +327,18 @@ notder:
 
     cp = (unsigned char *)ascCert;
     cl = certlen;
 
     /* find the beginning marker */
     while ( cl > NS_CERT_HEADER_LEN ) {
 	if ( !PORT_Strncasecmp((char *)cp, NS_CERT_HEADER,
 			        NS_CERT_HEADER_LEN) ) {
-	    cl -= NS_CERT_HEADER_LEN;
-	    cp += NS_CERT_HEADER_LEN;
+	    cl -= NS_CERT_HEADER_LEN + 1; /* skip char after header     */
+	    cp += NS_CERT_HEADER_LEN + 1; /* as all prior versions did. */
 	    certbegin = cp;
 	    break;
 	}
 	
 	/* skip to next eol */
 	do {
 	    cp++;
 	    cl--;
@@ -348,17 +348,17 @@ notder:
 	while ( ( *cp == '\n') && cl ) {
 	    cp++;
 	    cl--;
 	}
     }
 
     if ( certbegin ) {
 	/* find the ending marker */
-	while ( cl > NS_CERT_TRAILER_LEN ) {
+	while ( cl >= NS_CERT_TRAILER_LEN ) {
 	    if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
 				   NS_CERT_TRAILER_LEN) ) {
 		certend = (unsigned char *)cp;
 		break;
 	    }
 
 	    /* skip to next eol */
 	    do {