From 8dd16259287f58f9273002717ec4d27e97127719 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 12 Jun 2024 07:43:14 +0200
Subject: Merging upstream version 127.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 security/nss/lib/ssl/tls13con.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'security/nss/lib/ssl/tls13con.c')

diff --git a/security/nss/lib/ssl/tls13con.c b/security/nss/lib/ssl/tls13con.c
index 2a3b8994a9..87f6d5bd7e 100644
--- a/security/nss/lib/ssl/tls13con.c
+++ b/security/nss/lib/ssl/tls13con.c
@@ -3977,12 +3977,13 @@ tls13_HandleCertificateDecode(sslSocket *ss, PRUint8 *b, PRUint32 length)
 
     /* Decoding received certificate. */
     SECItem decodedCertificate = { siBuffer, NULL, 0 };
+    if (!SECITEM_AllocItem(NULL, &decodedCertificate, decodedCertificateLen)) {
+        FATAL_ERROR(ss, SEC_ERROR_NO_MEMORY, internal_error);
+        return SECFailure;
+    }
 
-    SECItem encodedCertAsSecItem;
-    SECITEM_MakeItem(NULL, &encodedCertAsSecItem, b, compressedCertificateMessageLen);
-
+    SECItem encodedCertAsSecItem = { siBuffer, b, compressedCertificateMessageLen };
     rv = certificateDecodingFunc(&encodedCertAsSecItem, &decodedCertificate, decodedCertificateLen);
-    SECITEM_FreeItem(&encodedCertAsSecItem, PR_FALSE);
 
     if (rv != SECSuccess) {
         SSL_TRC(50, ("%d: TLS13[%d]: %s decoding of the certificate has failed",
-- 
cgit v1.2.3