Bug 1438277 - Be even more defensive about bad token implementations …

…in nssCryptokiObject_Create r=ttaubert Summary: add a null check in nssCryptokiObject_Create that seems to be necessary Reviewers: ttaubert Reviewed By: ttaubert Bug #: 1438277 Differential Revision: https://phabricator.services.mozilla.com/D640 --HG-- extra : amend_source : 817a5523824445bd3d5d5c6fabdc359deeefd855
sailfishos-mirror · Feb 27, 2018 · 87f6d27 · 87f6d27
1 parent 3fa042f
commit 87f6d27
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/dev/devutil.c b/lib/dev/devutil.c
@@ -32,7 +32,7 @@ nssCryptokiObject_Create(
         /* a failure here indicates a device error */
         return (nssCryptokiObject *)NULL;
     }
-    if (cert_template[0].ulValueLen == 0) {
+    if (cert_template[0].ulValueLen == 0 || !cert_template[0].pValue) {
         nss_ZFreeIf(cert_template[1].pValue);
         return (nssCryptokiObject *)NULL;
     }