From 7dacaeaa695af67137f7370ef45f3d1fbbbccabf Mon Sep 17 00:00:00 2001
From: "wtchang%redhat.com"
 <wtchang%redhat.com@18797224-902f-48f8-a5cc-f745e15eee43>
Date: Fri, 24 Jun 2005 23:00:02 +0000
Subject: [PATCH] Bugzilla Bug 298409: fixed an array index off-by-one error
 and a memory leak. r=nelsonb.

git-svn-id: svn://10.0.0.236/trunk@175125 18797224-902f-48f8-a5cc-f745e15eee43
---
 mozilla/security/nss/cmd/crlutil/crlgen.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mozilla/security/nss/cmd/crlutil/crlgen.c b/mozilla/security/nss/cmd/crlutil/crlgen.c
index 71d1e20ea36..15e542cac56 100644
--- a/mozilla/security/nss/cmd/crlutil/crlgen.c
+++ b/mozilla/security/nss/cmd/crlutil/crlgen.c
@@ -1367,7 +1367,7 @@ crlgen_setNextDataFn_extension(CRLGENGeneratorData *crlGenData, void *str,
             return SECFailure;
         }
     }
-    if (extStr->nextUpdatedData > MAX_EXT_DATA_LENGTH) {
+    if (extStr->nextUpdatedData >= MAX_EXT_DATA_LENGTH) {
         PORT_SetError(SEC_ERROR_INVALID_ARGS);
         crlgen_PrintError(crlGenData->parsedLineNum, 
                           "number of fields in extension "
@@ -1415,7 +1415,7 @@ crlgen_destroyTempData(CRLGENGeneratorData *crlGenData)
               PORT_Free(crlGenData->certEntry);
               break;
           case CRLGEN_ADD_EXTENSION_CONTEXT:
-              if (crlGenData->extensionEntry->nextUpdatedData) {
+              if (crlGenData->extensionEntry->extData) {
                   int i = 0;
                   for (;i < crlGenData->extensionEntry->nextUpdatedData;i++)
                       PORT_Free(*(crlGenData->extensionEntry->extData + i));