AOO crashes when PR_GetErrorText() in xmlsecurity is called with a null
pointer, as that function actually expects a PR_GetErrorTextLength() + 1
sized buffer. Use it correctly.
Patch by: me
git-svn-id: https://svn.apache.org/repos/asf/openoffice/trunk@1728245 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx b/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
index d8b9caa..ec02a1e 100644
--- a/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
+++ b/main/xmlsecurity/source/xmlsec/nss/nssinitializer.cxx
@@ -265,11 +265,13 @@
if( NSS_InitReadWrite( sCertDir.getStr() ) != SECSuccess )
{
xmlsec_trace("Initializing NSS with profile failed.");
- char * error = NULL;
-
+ PRInt32 errorLength = PR_GetErrorTextLength();
+ char *error = new char[errorLength + 1];
+ error[0] = '\0'; // as per https://bugzilla.mozilla.org/show_bug.cgi?id=538940
PR_GetErrorText(error);
- if (error)
+ if (error[0])
xmlsec_trace("%s",error);
+ delete[] error;
return false ;
}
}
@@ -279,10 +281,13 @@
if ( NSS_NoDB_Init(NULL) != SECSuccess )
{
xmlsec_trace("Initializing NSS without profile failed.");
- char * error = NULL;
+ PRInt32 errorLength = PR_GetErrorTextLength();
+ char *error = new char[errorLength + 1];
+ error[0] = '\0';
PR_GetErrorText(error);
- if (error)
+ if (error[0])
xmlsec_trace("%s",error);
+ delete[] error;
return false ;
}
}