From a82f9cb265a47f79d9b42fc2d4e90c03e83adb64 Mon Sep 17 00:00:00 2001
From: Fedor <fedor@mail.ru>
Date: Tue, 21 Jan 2020 14:00:13 +0300
Subject: [PATCH] Be more consistent about decoding IP addresses in PSM.

---
 security/manager/ssl/TransportSecurityInfo.cpp | 5 ++++-
 security/manager/ssl/nsNSSCertHelper.cpp       | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/security/manager/ssl/TransportSecurityInfo.cpp b/security/manager/ssl/TransportSecurityInfo.cpp
index 3c7023302..3f4bf4a90 100644
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -8,6 +8,7 @@
 
 #include "PSMRunnable.h"
 #include "mozilla/Casting.h"
+#include "mozilla/net/DNS.h"
 #include "nsComponentManagerUtils.h"
 #include "nsIArray.h"
 #include "nsICertOverrideService.h"
@@ -681,8 +682,10 @@ GetSubjectAltNames(CERTCertificate* nssCert, nsString& allNames)
 
       case certIPAddress:
         {
-          char buf[INET6_ADDRSTRLEN];
+          // According to DNS.h, this includes space for the null-terminator
+          char buf[net::kNetAddrMaxCStrBufSize] = {0};
           PRNetAddr addr;
+          memset(&addr, 0, sizeof(addr));
           if (current->name.other.len == 4) {
             addr.inet.family = PR_AF_INET;
             memcpy(&addr.inet.ip, current->name.other.data, current->name.other.len);
diff --git a/security/manager/ssl/nsNSSCertHelper.cpp b/security/manager/ssl/nsNSSCertHelper.cpp
index 64c87ad2f..efcb8747a 100644
--- a/security/manager/ssl/nsNSSCertHelper.cpp
+++ b/security/manager/ssl/nsNSSCertHelper.cpp
@@ -11,6 +11,7 @@
 #include "mozilla/NotNull.h"
 #include "mozilla/Sprintf.h"
 #include "mozilla/UniquePtr.h"
+#include "mozilla/net/DNS.h"
 #include "nsCOMPtr.h"
 #include "nsComponentManagerUtils.h"
 #include "nsDateTimeFormatCID.h"
@@ -1006,8 +1007,9 @@ ProcessGeneralName(const UniquePLArenaPool& arena, CERTGeneralName* current,
     break;
   case certIPAddress:
     {
-      char buf[INET6_ADDRSTRLEN];
       PRStatus status = PR_FAILURE;
+      // According to DNS.h, this includes space for the null-terminator
+      char buf[net::kNetAddrMaxCStrBufSize] = {0};
       PRNetAddr addr;
       memset(&addr, 0, sizeof(addr));
       nssComponent->GetPIPNSSBundleString("CertDumpIPAddress", key);