diff options
author | Tim Taubert <ttaubert@mozilla.com> | 2016-04-22 12:10:37 +0200 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2016-04-22 12:10:37 +0200 |
commit | 8ed81e669c9dbea5b61ce2fc8fc3a99d819334e2 (patch) | |
tree | 2b5173cc346fb741313527c32dc866478b30646f | |
parent | e9a1f0052323ac6c83b094a514c873e0c6463c24 (diff) | |
download | nss-hg-8ed81e669c9dbea5b61ce2fc8fc3a99d819334e2.tar.gz |
Bug 1211543 - Don't call SECKEY_DestroyPrivateKeyInfo() for PrivateKeyInfo structures with a zero-length octet string r=franziskus
-rw-r--r-- | lib/pk11wrap/pk11pk12.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/pk11wrap/pk11pk12.c b/lib/pk11wrap/pk11pk12.c index e5a0a21cf..7e1ce0d47 100644 --- a/lib/pk11wrap/pk11pk12.c +++ b/lib/pk11wrap/pk11pk12.c @@ -233,10 +233,12 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); - if( rv != SECSuccess ) { + if (rv != SECSuccess || pki->privateKey.data == NULL) { /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the * validity of the data in pki. The best we can do is free the arena - * and return. + * and return. Do the same if SECKEYPrivateKeyInfo.privateKey is a + * zero-length octet string (i.e. NULL) to avoid trying to zero the + * corresponding SECItem. */ PORT_FreeArena(temparena, PR_TRUE); return rv; |