| OLD | NEW |
|---|
| (Empty) |
| 1 diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con
.c | |
| 2 index b6f4313..5476fa5 100644 | |
| 3 --- a/net/third_party/nss/ssl/ssl3con.c | |
| 4 +++ b/net/third_party/nss/ssl/ssl3con.c | |
| 5 @@ -5505,6 +5505,30 @@ loser: | |
| 6 return SECFailure; | |
| 7 } | |
| 8 | |
| 9 +/* ssl3_BigIntGreaterThan1 returns true iff |mpint|, taken as an unsigned, | |
| 10 + * big-endian integer is > 1 */ | |
| 11 +static PRBool | |
| 12 +ssl3_BigIntGreaterThan1(const SECItem* mpint) { | |
| 13 + unsigned char firstNonZeroByte = 0; | |
| 14 + unsigned int i; | |
| 15 + | |
| 16 + for (i = 0; i < mpint->len; i++) { | |
| 17 + if (mpint->data[i]) { | |
| 18 + firstNonZeroByte = mpint->data[i]; | |
| 19 + break; | |
| 20 + } | |
| 21 + } | |
| 22 + | |
| 23 + if (firstNonZeroByte == 0) | |
| 24 + return PR_FALSE; | |
| 25 + if (firstNonZeroByte > 1) | |
| 26 + return PR_TRUE; | |
| 27 + | |
| 28 + // firstNonZeroByte == 1, therefore mpint > 1 iff the first non-zero byte | |
| 29 + // is followed by another byte. | |
| 30 + return (i < mpint->len - 1); | |
| 31 +} | |
| 32 + | |
| 33 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | |
| 34 * ssl3 ServerKeyExchange message. | |
| 35 * Caller must hold Handshake and RecvBuf locks. | |
| 36 @@ -5636,15 +5660,13 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *
b, PRUint32 length) | |
| 37 if (rv != SECSuccess) { | |
| 38 goto loser; /* malformed. */ | |
| 39 } | |
| 40 - if (dh_g.len == 0 || dh_g.len > dh_p.len + 1 || | |
| 41 - (dh_g.len == 1 && dh_g.data[0] == 0)) | |
| 42 + if (dh_g.len > dh_p.len || !ssl3_BigIntGreaterThan1(&dh_g)) | |
| 43 goto alert_loser; | |
| 44 rv = ssl3_ConsumeHandshakeVariable(ss, &dh_Ys, 2, &b, &length); | |
| 45 if (rv != SECSuccess) { | |
| 46 goto loser; /* malformed. */ | |
| 47 } | |
| 48 - if (dh_Ys.len == 0 || dh_Ys.len > dh_p.len + 1 || | |
| 49 - (dh_Ys.len == 1 && dh_Ys.data[0] == 0)) | |
| 50 + if (dh_Ys.len > dh_p.len || !ssl3_BigIntGreaterThan1(&dh_Ys)) | |
| 51 goto alert_loser; | |
| 52 rv = ssl3_ConsumeHandshakeVariable(ss, &signature, 2, &b, &length); | |
| 53 if (rv != SECSuccess) { | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11275240:
Update net/third_party/nss/ssl to NSS 3.14. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/