Bugzilla Bug 298409: fixed an array index off-by-one error and a memory

leak. r=nelsonb.
2024-11-30 00:01:50 +00:00 · 2005-06-24 23:00:02 +00:00 · 2005-06-24 23:00:02 +00:00 · 47bf55ca0f
commit 47bf55ca0f
parent efdb7c74c9
1 changed files with 2 additions and 2 deletions
--- a/security/nss/cmd/crlutil/crlgen.c
+++ b/security/nss/cmd/crlutil/crlgen.c
@ -1367,7 +1367,7 @@ crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
            return SECFailure;
        }
    }
-    if (extStr->nextUpdatedData > MAX_EXT_DATA_LENGTH) {
+    if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
        PORT_SetError(SEC_ERROR_INVALID_ARGS);
        crlgen_PrintError(crlGenData->parsedLineNum, 
                          "number of fields in extension "
@ -1415,7 +1415,7 @@ crlgen_destroyTempData(CRLGENGeneratorData *crlGenData)
              PORT_Free(crlGenData->certEntry);
              break;
          case CRLGEN_ADD_EXTENSION_CONTEXT:
-              if (crlGenData->extensionEntry->nextUpdatedData) {
+              if (crlGenData->extensionEntry->extData) {
                  int i = 0;
                  for (;i < crlGenData->extensionEntry->nextUpdatedData;i++)
                      PORT_Free(*(crlGenData->extensionEntry->extData + i));