Patch for 193961 - incorporate Wan-Teh's feedback

2 files changed, 6 insertions, 6 deletions

diff --git a/security/nss/lib/util/quickder.c b/security/nss/lib/util/quickder.c
index 1b4765812..9cc33b2f2 100644
--- a/security/nss/lib/util/quickder.c
+++ b/security/nss/lib/util/quickder.c
@@ -894,6 +894,11 @@ SECStatus SEC_QuickDERDecodeItem(PRArenaPool* arena, void* dest,
         savpos = PORT_ArenaMark(arena);
         newsrc = *src;
         rv = DecodeItem(dest, templateEntry, &newsrc, arena, PR_TRUE);
+        if (SECSuccess == rv && newsrc.len)
+        {
+            rv = SECFailure;
+            PORT_SetError(SEC_ERROR_EXTRA_INPUT);
+        }
         if (SECSuccess != rv)
         {
             PORT_ArenaRelease(arena, savpos);
@@ -901,11 +906,6 @@ SECStatus SEC_QuickDERDecodeItem(PRArenaPool* arena, void* dest,
         else
         {
             PORT_ArenaUnmark(arena, savpos);
-            if (newsrc.len)
-            {
-                rv = SECFailure;
-                PORT_SetError(SEC_ERROR_BAD_DER_EXTRA_DATA);
-            }
         }
     }
 
diff --git a/security/nss/lib/util/secerr.h b/security/nss/lib/util/secerr.h
index ad7c5d8ff..1387292f2 100644
--- a/security/nss/lib/util/secerr.h
+++ b/security/nss/lib/util/secerr.h
@@ -185,7 +185,7 @@ SEC_ERROR_BAD_TEMPLATE			    =	(SEC_ERROR_BASE + 136),
 SEC_ERROR_CRL_NOT_FOUND 		    =	(SEC_ERROR_BASE + 137),
 SEC_ERROR_REUSED_ISSUER_AND_SERIAL          =   (SEC_ERROR_BASE + 138),
 SEC_ERROR_BUSY                              =   (SEC_ERROR_BASE + 139),
-SEC_ERROR_BAD_DER_EXTRA_DATA                =   (SEC_ERROR_BASE + 140)
+SEC_ERROR_EXTRA_INPUT                       =   (SEC_ERROR_BASE + 140)
 } SECErrorCodes;
 #endif /* NO_SECURITY_ERROR_ENUM */