Bug 414003: don't scan past end of certitiface header and trailer strings.
authornelson%bolyard.com
Sun, 27 Apr 2008 02:08:58 +0000
changeset 8576 578885525a016f8910033fdc9c91782aaa484b66
parent 8575 ed3d50059442b99204bfd7df2a2bf766958b2543
child 8577 a10dd99f190d05e4b873bc083fddb051c4563910
push idunknown
push userunknown
push dateunknown
bugs414003
Bug 414003: don't scan past end of certitiface header and trailer strings. r=rrelyea, sr=alexei.volkov
security/nss/lib/pkcs7/certread.c
--- a/security/nss/lib/pkcs7/certread.c
+++ b/security/nss/lib/pkcs7/certread.c
@@ -167,20 +167,22 @@ CERT_ConvertAndDecodeCertificate(char *c
 
     cert = CERT_NewTempCertificate(CERT_GetDefaultCertDB(), 
                                    &der, NULL, PR_FALSE, PR_TRUE);
 
     PORT_Free(der.data);
     return cert;
 }
 
-#define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----"
-#define NS_CERT_TRAILER "-----END CERTIFICATE-----"
+static const char NS_CERT_HEADER[]  = "-----BEGIN CERTIFICATE-----";
+static const char NS_CERT_TRAILER[] = "-----END CERTIFICATE-----";
+#define NS_CERT_HEADER_LEN  ((sizeof NS_CERT_HEADER) - 1)
+#define NS_CERT_TRAILER_LEN ((sizeof NS_CERT_TRAILER) - 1)
 
-#define CERTIFICATE_TYPE_STRING "certificate"
+static const char CERTIFICATE_TYPE_STRING[] = "certificate";
 #define CERTIFICATE_TYPE_LEN (sizeof(CERTIFICATE_TYPE_STRING)-1)
 
 CERTPackageType
 CERT_CertPackageType(SECItem *package, SECItem *certitem)
 {
     unsigned char *cp;
     unsigned int seqLen, seqLenLen;
     SECItem oiditem;
@@ -431,20 +433,21 @@ notder:
 	    *pc++ = '\n';
 	}
     }
 
     cp = (unsigned char *)ascCert;
     cl = certlen;
 
     /* find the beginning marker */
-    while ( cl > sizeof(NS_CERT_HEADER) ) {
+    while ( cl > NS_CERT_HEADER_LEN ) {
 	if ( !PORT_Strncasecmp((char *)cp, NS_CERT_HEADER,
-			     sizeof(NS_CERT_HEADER)-1) ) {
-	    cp = cp + sizeof(NS_CERT_HEADER);
+			        NS_CERT_HEADER_LEN) ) {
+	    cl -= NS_CERT_HEADER_LEN;
+	    cp += NS_CERT_HEADER_LEN;
 	    certbegin = cp;
 	    break;
 	}
 	
 	/* skip to next eol */
 	do {
 	    cp++;
 	    cl--;
@@ -454,19 +457,19 @@ notder:
 	while ( ( *cp == '\n') && cl ) {
 	    cp++;
 	    cl--;
 	}
     }
 
     if ( certbegin ) {
 	/* find the ending marker */
-	while ( cl > sizeof(NS_CERT_TRAILER) ) {
+	while ( cl > NS_CERT_TRAILER_LEN ) {
 	    if ( !PORT_Strncasecmp((char *)cp, NS_CERT_TRAILER,
-				 sizeof(NS_CERT_TRAILER)-1) ) {
+				   NS_CERT_TRAILER_LEN) ) {
 		certend = (unsigned char *)cp;
 		break;
 	    }
 
 	    /* skip to next eol */
 	    do {
 		cp++;
 		cl--;