Bug 867795: check not only ss->certStatusArray is non-null but also
authorWan-Teh Chang <wtc@google.com>
Wed, 01 May 2013 16:30:52 -0700
changeset 10751 4f4190cc5f9fbdb924fa02fdf13b34c643043ff7
parent 10750 22d622a0274d7ba63042153bcabc1c77d29bd3ec
child 10752 44a46d334735e8c21b7d843780dbb520677aa668
push id61
push userwtc@google.com
push dateWed, 01 May 2013 23:30:56 +0000
bugs867795
Bug 867795: check not only ss->certStatusArray is non-null but also ss->certStatusArray points to a non-empty SECItemArray. r=sleevi.
lib/ssl/ssl3con.c
lib/ssl/ssl3ext.c
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -8451,17 +8451,17 @@ ssl3_SendCertificateStatus(sslSocket *ss
 		SSL_GETPID(), ss->fd));
 
     PORT_Assert( ss->opt.noLocks || ssl_HaveXmitBufLock(ss));
     PORT_Assert( ss->opt.noLocks || ssl_HaveSSL3HandshakeLock(ss));
 
     if (!ssl3_ExtensionNegotiated(ss, ssl_cert_status_xtn))
 	return SECSuccess;
 
-    if (!ss->certStatusArray)
+    if (!ss->certStatusArray || !ss->certStatusArray->len)
 	return SECSuccess;
 
     /* Use the array's first item only (single stapling) */
     len = 1 + ss->certStatusArray->items[0].len + 3;
 
     rv = ssl3_AppendHandshakeHeader(ss, certificate_status, len);
     if (rv != SECSuccess) {
 	return rv; 		/* err set by AppendHandshake. */
--- a/lib/ssl/ssl3ext.c
+++ b/lib/ssl/ssl3ext.c
@@ -677,17 +677,17 @@ static PRInt32
 ssl3_ServerSendStatusRequestXtn(
 			sslSocket * ss,
 			PRBool      append,
 			PRUint32    maxBytes)
 {
     PRInt32 extension_length;
     SECStatus rv;
 
-    if (!ss->certStatusArray)
+    if (!ss->certStatusArray || !ss->certStatusArray->len)
 	return 0;
 
     extension_length = 2 + 2;
     if (append && maxBytes >= extension_length) {
 	/* extension_type */
 	rv = ssl3_AppendHandshakeNumber(ss, ssl_cert_status_xtn, 2);
 	if (rv != SECSuccess)
 	    return -1;