From 29df488eaa9f2d37e44f7fce8855946384595ee9 Mon Sep 17 00:00:00 2001
From: "wtc%netscape.com" <wtc%netscape.com>
Date: Tue, 18 Jun 2002 05:00:39 +0000
Subject: [PATCH] Bug 151940: SEC_PKCS12DecoderVerify should call
 SEC_ASN1DecoderFinish first to detect insufficient input data error.

---
 security/nss/lib/pkcs12/p12d.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security/nss/lib/pkcs12/p12d.c b/security/nss/lib/pkcs12/p12d.c
index ca5017cc5653..77e83a6fd64c 100644
--- a/security/nss/lib/pkcs12/p12d.c
+++ b/security/nss/lib/pkcs12/p12d.c
@@ -1408,6 +1408,12 @@ SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx)
 	return SECFailure;
     }
 
+    rv = SEC_ASN1DecoderFinish(p12dcx->pfxDcx);
+    p12dcx->pfxDcx = NULL;
+    if(rv != SECSuccess) {
+	return rv;
+    }
+
     /* check the signature or the mac depending on the type of
      * integrity used.
      */