From 14dc3370e1e64069bcfa66d765783ab8ebb84653 Mon Sep 17 00:00:00 2001
From: "julien.pierre.bugs%sun.com"
 <julien.pierre.bugs%sun.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Mon, 4 Apr 2005 09:27:42 +0000
Subject: [PATCH] Fix for 287654 . Check input buffer length for C_Encrypt with
 RSA . r=nelson

git-svn-id: svn://10.0.0.236/trunk@171551 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/security/nss/lib/softoken/rsawrapr.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/mozilla/security/nss/lib/softoken/rsawrapr.c b/mozilla/security/nss/lib/softoken/rsawrapr.c
index 12d43098a88..5b8588cfdf7 100644
--- a/mozilla/security/nss/lib/softoken/rsawrapr.c
+++ b/mozilla/security/nss/lib/softoken/rsawrapr.c
@@ -37,7 +37,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: rsawrapr.c,v 1.7 2004-04-27 23:04:38 gerv%gerv.net Exp $ */
+/* $Id: rsawrapr.c,v 1.8 2005-04-04 09:27:42 julien.pierre.bugs%sun.com Exp $ */
 
 #include "blapi.h"
 #include "softoken.h"
@@ -416,6 +416,9 @@ rsa_FormatBlock(SECItem *result, unsigned modulusLen,
 	 * Pad is zeros. The application is responsible for recovering
 	 * the actual data.
 	 */
+	if (data->len > modulusLen ) {
+	    return SECFailure;
+	}
 	result->data = (unsigned char*)PORT_ZAlloc(modulusLen);
 	result->len = modulusLen;
 	PORT_Memcpy(result->data+(modulusLen-data->len),data->data,data->len);