diff options
author | nelson%bolyard.com <devnull@localhost> | 2008-07-22 04:27:47 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2008-07-22 04:27:47 +0000 |
commit | fe3858851013dd2ac21bf78d91d07d4def6d6c4f (patch) | |
tree | 017076444dcceeb5418b407975bb8c399b01d074 | |
parent | 9e90d808e6952645c2271162f8ea8d52dca7f00c (diff) | |
download | nss-hg-fe3858851013dd2ac21bf78d91d07d4def6d6c4f.tar.gz |
bug 444850. Don't crash when CERT_CreateSubjectCertList fails to find any
certs that match the subject name of a cert that NSS has just found.
r=alexei.volkov,wtc
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 4f9686da4..3f11177dd 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -466,10 +466,20 @@ listCerts(CERTCertDBHandle *handle, char *name, PK11SlotInfo *slot, return SECFailure; } } + /* Here, we have one cert with the desired nickname or email + * address. Now, we will attempt to get a list of ALL certs + * with the same subject name as the cert we have. That list + * should contain, at a minimum, the one cert we have already found. + * If the list of certs is empty (NULL), the libraries have failed. + */ certs = CERT_CreateSubjectCertList(NULL, handle, &the_cert->derSubject, PR_Now(), PR_FALSE); CERT_DestroyCertificate(the_cert); - + if (!certs) { + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + SECU_PrintError(progName, "problem printing certificates"); + return SECFailure; + } for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs); node = CERT_LIST_NEXT(node)) { the_cert = node->cert; |