Bug 444850. Don't ask the module to use an invalid session handle in

find_objects. r=alexei,julien sr=wtc.

1 files changed, 7 insertions, 1 deletions

diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index ae9bc89de..e6d247e7e 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -280,13 +280,19 @@ find_objects (
 {
     CK_RV ckrv = CKR_OK;
     CK_ULONG count;
-    CK_OBJECT_HANDLE *objectHandles;
+    CK_OBJECT_HANDLE *objectHandles = NULL;
     CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
     PRUint32 arraySize, numHandles;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssCryptokiObject **objects;
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
+    /* Don't ask the module to use an invalid session handle. */
+    if (session->handle == CK_INVALID_SESSION) {
+	ckrv = CKR_SESSION_HANDLE_INVALID;
+	goto loser;                
+    }
+
     /* the arena is only for the array of object handles */
     if (maximumOpt > 0) {
 	arraySize = maximumOpt;