Author: damjan
Date: Wed Feb 3 01:38:46 2016
New Revision: 1728245
URL: http://svn.apache.org/viewvc?rev=1728245&view=rev
Log:
AOO crashes when PR_GetErrorText() in xmlsecurity is called with a null
pointer, as that function actually expects a PR_GetErrorTextLength() + 1
sized buffer. Use it correctly.
Patch by: me
Modified:
openoffice/trunk/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
Modified: openoffice/trunk/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
URL:
http://svn.apache.org/viewvc/openoffice/trunk/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx?rev=1728245&r1=1728244&r2=1728245&view=diff
==============================================================================
--- openoffice/trunk/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
(original)
+++ openoffice/trunk/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx Wed
Feb 3 01:38:46 2016
@@ -265,11 +265,13 @@ bool nsscrypto_initialize( const css::un
if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
{
xmlsec_trace("Initializing NSS with profile failed.");
- char * error = NULL;
-
+ PRInt32 errorLength = PR_GetErrorTextLength();
+ char *error = new char[errorLength + 1];
+ error[0] = '\0'; // as per
https://bugzilla.mozilla.org/show_bug.cgi?id=538940
PR_GetErrorText(error);
- if (error)
+ if (error[0])
xmlsec_trace("%s",error);
+ delete[] error;
return false ;
}
}
@@ -279,10 +281,13 @@ bool nsscrypto_initialize( const css::un
if ( NSS_NoDB_Init(NULL) != SECSuccess )
{
xmlsec_trace("Initializing NSS without profile failed.");
- char * error = NULL;
+ PRInt32 errorLength = PR_GetErrorTextLength();
+ char *error = new char[errorLength + 1];
+ error[0] = '\0';
PR_GetErrorText(error);
- if (error)
+ if (error[0])
xmlsec_trace("%s",error);
+ delete[] error;
return false ;
}
}
