From 47bf55ca0f9909862b84fe27d17a918e4606e603 Mon Sep 17 00:00:00 2001
From: "wtchang%redhat.com" <wtchang%redhat.com>
Date: Fri, 24 Jun 2005 23:00:02 +0000
Subject: [PATCH] Bugzilla Bug 298409: fixed an array index off-by-one error
 and a memory leak. r=nelsonb.

---
 security/nss/cmd/crlutil/crlgen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/nss/cmd/crlutil/crlgen.c b/security/nss/cmd/crlutil/crlgen.c
index 71d1e20ea36c..15e542cac560 100644
--- a/security/nss/cmd/crlutil/crlgen.c
+++ b/security/nss/cmd/crlutil/crlgen.c
@@ -1367,7 +1367,7 @@ crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
             return SECFailure;
         }
     }
-    if (extStr->nextUpdatedData > MAX_EXT_DATA_LENGTH) {
+    if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         crlgen_PrintError(crlGenData->parsedLineNum, 
                           "number of fields in extension "
@@ -1415,7 +1415,7 @@ crlgen_destroyTempData(CRLGENGeneratorData *crlGenData)
               PORT_Free(crlGenData->certEntry);
               break;
           case CRLGEN_ADD_EXTENSION_CONTEXT:
-              if (crlGenData->extensionEntry->nextUpdatedData) {
+              if (crlGenData->extensionEntry->extData) {
                   int i = 0;
                   for (;i < crlGenData->extensionEntry->nextUpdatedData;i++)
                       PORT_Free(*(crlGenData->extensionEntry->extData + i));