diff options
author | nelson%bolyard.com <devnull@localhost> | 2007-01-13 23:39:03 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2007-01-13 23:39:03 +0000 |
commit | 3c3682c0a0d6a0f5f0ee858508f9c2aee8489f7e (patch) | |
tree | a75a5e1237c29649bba24f01aee5e8e42c7bc5d5 | |
parent | 62c9797643d75850e47bf6fdd9f30d95a1ad6874 (diff) | |
download | nss-hg-3c3682c0a0d6a0f5f0ee858508f9c2aee8489f7e.tar.gz |
Bug 366405. Fix PK11_DeleteTokenPrivateKey to not leak the cert when
force is true. r=alexei.volkov,wtchang
-rw-r--r-- | security/nss/lib/pk11wrap/pk11akey.c | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c index 9692d971f..707989d9f 100644 --- a/security/nss/lib/pk11wrap/pk11akey.c +++ b/security/nss/lib/pk11wrap/pk11akey.c @@ -1671,18 +1671,17 @@ SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force) { CERTCertificate *cert=PK11_GetCertFromPrivateKey(privKey); + SECStatus rv = SECWouldBlock; - /* found a cert matching the private key?. */ - if (!force && cert != NULL) { - /* yes, don't delete the key */ - CERT_DestroyCertificate(cert); - SECKEY_DestroyPrivateKey(privKey); - return SECWouldBlock; + if (!cert || force) { + /* now, then it's safe for the key to go away */ + rv = PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID); + } + if (cert) { + CERT_DestroyCertificate(cert); } - /* now, then it's safe for the key to go away */ - PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID); SECKEY_DestroyPrivateKey(privKey); - return SECSuccess; + return rv; } /* |