Bug 1321998 - fix alg1485 malformed OID issue part 1, r=ttaubert

Differential Revision: https://nss-review.dev.mozaws.net/D364 --HG-- extra : rebase_source : 274c0d8041c1c29fccabb215e195acb41e31e9e2
sailfishos-mirror · Jul 10, 2017 · cd651a8 · cd651a8
1 parent 6692e92
commit cd651a8
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/lib/certdb/alg1485.c b/lib/certdb/alg1485.c
@@ -703,14 +703,19 @@ CERT_GetOidString(const SECItem* oid)
         return NULL;
     }
 
+    /* If the OID has length 1, we bail. */
+    if (oid->len < 2) {
+        return NULL;
+    }
+
     /* first will point to the next sequence of bytes to decode */
     first = (PRUint8*)oid->data;
     /* stop points to one past the legitimate data */
     stop = &first[oid->len];
 
     /*
-   * Check for our pseudo-encoded single-digit OIDs
-   */
+     * Check for our pseudo-encoded single-digit OIDs
+     */
     if ((*first == 0x80) && (2 == oid->len)) {
         /* Funky encoding.  The second byte is the number */
         rvString = PR_smprintf("%lu", (PRUint32)first[1]);
@@ -748,8 +753,7 @@ CERT_GetOidString(const SECItem* oid)
                 CASE(2, 0x7f);
                 CASE(1, 0x7f);
                 case 0:
-                    n |=
-                        last[0] & 0x7f;
+                    n |= last[0] & 0x7f;
                     break;
             }
             if (last[0] & 0x80)