Fix a buffer length bug and nits in the next protocol negotiation (NPN)

net/third_party/nss/patches/nextprotocleanup.patch

+Index: mozilla/security/nss/lib/ssl/ssl3ext.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3ext.c,v
+retrieving revision 1.21
+diff -u -p -r1.21 ssl3ext.c
+--- mozilla/security/nss/lib/ssl/ssl3ext.c      15 Feb 2012 21:52:08 -0000      1.21
++++ mozilla/security/nss/lib/ssl/ssl3ext.c      10 Mar 2012 00:01:26 -0000
+@@ -592,10 +592,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
+     unsigned char resultBuffer[255];
+     SECItem result = { siBuffer, resultBuffer, 0 };
+ 
+-    if (ss->firstHsDone) {
+-       PORT_SetError(SSL_ERROR_NEXT_PROTOCOL_DATA_INVALID);
+-       return SECFailure;
+-    }
++    PORT_Assert(!ss->firstHsDone);
+ 
+     rv = ssl3_ValidateNextProtoNego(data->data, data->len);
+     if (rv != SECSuccess)
+@@ -607,6 +604,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
+      */
+     PORT_Assert(ss->nextProtoCallback != NULL);
+     if (!ss->nextProtoCallback) {
++       /* XXX Use a better error code. This is an application error, not an
++        * NSS bug. */
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        return SECFailure;
+     }
+@@ -617,7 +616,7 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSoc
+        return rv;
+     /* If the callback wrote more than allowed to |result| it has corrupted our
+      * stack. */
+-    if (result.len > sizeof result) {
++    if (result.len > sizeof resultBuffer) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+     }
+Index: mozilla/security/nss/lib/ssl/sslsock.c
+===================================================================
+RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
+retrieving revision 1.82
+diff -u -p -r1.82 sslsock.c
+--- mozilla/security/nss/lib/ssl/sslsock.c      15 Feb 2012 21:52:08 -0000      1.82
++++ mozilla/security/nss/lib/ssl/sslsock.c      10 Mar 2012 00:01:26 -0000
+@@ -1303,7 +1303,7 @@ SSL_SetNextProtoCallback(PRFileDesc *fd,
+     return SECSuccess;
+ }
+ 
+-/* NextProtoStandardCallback is set as an NPN callback for the case when
++/* ssl_NextProtoNegoCallback is set as an NPN callback for the case when
+  * SSL_SetNextProtoNego is used.
+  */
+ static SECStatus
+@@ -1349,12 +1349,12 @@ pick_first:
+     result = ss->opt.nextProtoNego.data;
+ 
+ found:
+-    *protoOutLen = result[0];
+     if (protoMaxLen < result[0]) {
+        PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+        return SECFailure;
+     }
+     memcpy(protoOut, result + 1, result[0]);
++    *protoOutLen = result[0];
+     return SECSuccess;
+ }
+ 
+@@ -1408,13 +1408,12 @@ SSL_GetNextProto(PRFileDesc *fd, SSLNext
+ 
+     if (ss->ssl3.nextProtoState != SSL_NEXT_PROTO_NO_SUPPORT &&
+        ss->ssl3.nextProto.data) {
+-       *bufLen = ss->ssl3.nextProto.len;
+-       if (*bufLen > bufLenMax) {
++       if (ss->ssl3.nextProto.len > bufLenMax) {
+            PORT_SetError(SEC_ERROR_OUTPUT_LEN);
+-           *bufLen = 0;
+            return SECFailure;
+        }
+        PORT_Memcpy(buf, ss->ssl3.nextProto.data, ss->ssl3.nextProto.len);
++       *bufLen = ss->ssl3.nextProto.len;
+     } else {
+        *bufLen = 0;
+     }