From 51bba3117189116943aad3a494a8be44af1bf398 Mon Sep 17 00:00:00 2001
From: "julien.pierre.bugs%sun.com"
Date: Mon, 4 Apr 2005 09:27:42 +0000
Subject: [PATCH] Fix for 287654 . Check input buffer length for C_Encrypt with RSA . r=nelson
---
 security/nss/lib/softoken/rsawrapr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/nss/lib/softoken/rsawrapr.c b/security/nss/lib/softoken/rsawrapr.c
index d4882d859f03..80edee136c14 100644
--- a/security/nss/lib/softoken/rsawrapr.c
+++ b/security/nss/lib/softoken/rsawrapr.c
@@ -37,7 +37,7 @@
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */
-/* $Id: rsawrapr.c,v 1.7 2004/04/27 23:04:38 gerv%gerv.net Exp $ */
+/* $Id: rsawrapr.c,v 1.8 2005/04/04 09:27:42 julien.pierre.bugs%sun.com Exp $ */
 #include "blapi.h"
 #include "softoken.h"
@@ -416,6 +416,9 @@ rsa_FormatBlock(SECItem *result, unsigned modulusLen,
 * Pad is zeros. The application is responsible for recovering
 * the actual data.
 */
+ if (data->len > modulusLen ) {
+ return SECFailure;
+ }
 result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
 result->len = modulusLen;
 PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len);
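Review bot: In the second hunk (`rsa_FormatBlock`, zero-pad branch), the `PORT_ZAlloc(modulusLen)` result is still passed to `PORT_Memcpy` unchecked, so an allocation failure becomes a write at `NULL + (modulusLen - data->len)` instead of a clean error. The new length guard stops the unsigned underflow of that offset but does not cover this. I would add `if (result->data == NULL) { result->len = 0; return SECFailure; }` directly after the allocation, before `result->len` is set. The new early return also sets no error code; a `PORT_SetError(SEC_ERROR_INPUT_LEN);` before `return SECFailure;` would let the caller tell an oversized input from other failures, assuming callers consult the error code, which is not visible here. The function begins and ends outside the hunk, so other branches may need the same allocation check.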