Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-29 07:42:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 507379 - hostname from SSL_RevealURL is null checked too late [@ nsDependentCString - nsNSSBadCertHandler]; r=kaie

Browse Source
This commit is contained in:
timeless 2009-08-25 15:22:28 +02:00
parent 1766cc0dda
commit 672d60d0bf
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
security/manager/ssl/src/nsNSSIOLayer.cpp
View File

@ -3197,8 +3197,11 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
PRErrorCode errorCodeTrust = SECSuccess; PRErrorCode errorCodeTrust = SECSuccess;
PRErrorCode errorCodeMismatch = SECSuccess; PRErrorCode errorCodeMismatch = SECSuccess;
PRErrorCode errorCodeExpired = SECSuccess; PRErrorCode errorCodeExpired = SECSuccess;
char *hostname = SSL_RevealURL(sslSocket); char *hostname = SSL_RevealURL(sslSocket);
if (!hostname)
return cancel_and_failure(infoObject);
charCleaner hostnameCleaner(hostname); charCleaner hostnameCleaner(hostname);
nsDependentCString hostString(hostname); nsDependentCString hostString(hostname);
@ -3212,7 +3215,7 @@ nsNSSBadCertHandler(void *arg, PRFileDesc *sslSocket)
NS_ConvertUTF8toUTF16 hostWithPortStringUTF16(hostWithPortString); NS_ConvertUTF8toUTF16 hostWithPortStringUTF16(hostWithPortString);
// Check the name field against the desired hostname. // Check the name field against the desired hostname.
if (hostname && hostname[0] && if (hostname[0] &&
CERT_VerifyCertName(peerCert, hostname) != SECSuccess) { CERT_VerifyCertName(peerCert, hostname) != SECSuccess) {
collected_errors |= nsICertOverrideService::ERROR_MISMATCH; collected_errors |= nsICertOverrideService::ERROR_MISMATCH;
errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN; errorCodeMismatch = SSL_ERROR_BAD_CERT_DOMAIN;