diff options
author | nelson%bolyard.com <devnull@localhost> | 2008-07-29 03:49:11 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2008-07-29 03:49:11 +0000 |
commit | 652ea03970ff40227008a27aac73d55ff317f006 (patch) | |
tree | 65cb77b239bcb12f4e9a3255c65480891204993f | |
parent | cc7b07fe4cad8adaa429cf44553988d083ab2562 (diff) | |
download | nss-hg-652ea03970ff40227008a27aac73d55ff317f006.tar.gz |
bug 444850. Don't crash when CERT_CreateSubjectCertList fails to find any
certs that match the subject name of a cert that NSS has just found.
r=alexei.volkov,wtc
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index eeb132fed..95623ebc5 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -656,10 +656,20 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, return SECFailure; } } + /* Here, we have one cert with the desired nickname or email + * address. Now, we will attempt to get a list of ALL certs + * with the same subject name as the cert we have. That list + * should contain, at a minimum, the one cert we have already found. + * If the list of certs is empty (NULL), the libraries have failed. + */ certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject, PR_Now(), PR_FALSE); CERT_DestroyCertificate(the_cert); - + if (!certs) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + SECU_PrintError(progName, "problem printing certificates"); + return SECFailure; + } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { the_cert = node->cert; |