Bug 1148374: prettyPrintObjectID should check |len| is nonzero before
authorWan-Teh Chang <wtc@google.com>
Wed, 25 Nov 2015 14:12:44 -0800
changeset 11743 c6204b8cb16bf6328ef6691abaf3385c3eb3fa19
parent 11739 d5dd1249b522666ce208cf385fc2139c7617a2f8
child 11744 e1e2087b898642187882549b19d5c65b70926e65
push id873
push userwtc@google.com
push dateWed, 25 Nov 2015 22:14:03 +0000
bugs1148374
Bug 1148374: prettyPrintObjectID should check |len| is nonzero before reading the first byte of |data|. r=kaie.
cmd/lib/derprint.c
--- a/cmd/lib/derprint.c
+++ b/cmd/lib/derprint.c
@@ -227,16 +227,20 @@ prettyPrintObjectID(FILE *out, const uns
     /*
      * First print the Object Id in numeric format
      */
 
     rv = prettyIndent(out, level);
     if (rv < 0)
 	return rv;
 
+    if (len == 0) {
+	PORT_SetError(SEC_ERROR_BAD_DER);
+	return -1;
+    }
     val = data[0];
     i   = val % 40;
     val = val / 40;
     rv = fprintf(out, "%lu %u ", val, i);
     if (rv < 0) {
 	PORT_SetError(SEC_ERROR_IO);
 	return rv;
     }