Bugzilla Bug 276180: defend against invalid arguments to PK11_HashBuf

and PK11_DigestOp. r=nelsonb.
author: wtchang%redhat.com <devnull@localhost> 2005-01-04 22:00:01 +0000
committer: wtchang%redhat.com <devnull@localhost> 2005-01-04 22:00:01 +0000
commit: 4d45c330272e04713b131fdc4cec641dd4d7c0c2 (patch)
tree: 611c3f0b2ad2e2d2ca47243fd1d2b6586cbb4828 /security/nss/lib/pk11wrap/pk11cxt.c
parent: 189a2e69ede1fce42311a40b4b0fb5bced3d27fd (diff)
download: nss-hg-4d45c330272e04713b131fdc4cec641dd4d7c0c2.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cxt.c b/security/nss/lib/pk11wrap/pk11cxt.c
index f0c41d052..4428fda9b 100644
--- a/security/nss/lib/pk11wrap/pk11cxt.c
+++ b/security/nss/lib/pk11wrap/pk11cxt.c
@@ -624,6 +624,12 @@ PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
     unsigned int out_length;
     SECStatus rv;
 
+    /* len will be passed to PK11_DigestOp as unsigned. */
+    if (len < 0) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     context = PK11_CreateDigestContext(hashAlg);
     if (context == NULL) return SECFailure;
 
@@ -771,6 +777,11 @@ PK11_DigestOp(PK11Context *context, const unsigned char * in, unsigned inLen)
     CK_RV crv = CKR_OK;
     SECStatus rv = SECSuccess;
 
+    if (!in) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return SECFailure;
+    }
+
     /* if we ran out of session, we need to restore our previously stored
      * state.
      */
author	wtchang%redhat.com <devnull@localhost>	2005-01-04 22:00:01 +0000
committer	wtchang%redhat.com <devnull@localhost>	2005-01-04 22:00:01 +0000
commit	4d45c330272e04713b131fdc4cec641dd4d7c0c2 (patch)
tree	611c3f0b2ad2e2d2ca47243fd1d2b6586cbb4828 /security/nss/lib/pk11wrap/pk11cxt.c
parent	189a2e69ede1fce42311a40b4b0fb5bced3d27fd (diff)
download	nss-hg-4d45c330272e04713b131fdc4cec641dd4d7c0c2.tar.gz