author | relyea%netscape.com <devnull@localhost> | 2002-07-31 02:00:13 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-07-31 02:00:13 +0000 |
commit | b9b5d7a7e36db2a82902fb3b99d1184ecdfbf8fd (patch) | |
tree | 37c81636a54551e72676114c7e78168c2a4c29aa | |
parent | 26ddc781050bc08b2f0b579a44353e3d2076b1ad (diff) | |
Protection against Token misbehaving tokens
-rw-r--r-- | security/nss/lib/pki/pki3hack.c | 31 | ||||
-rw-r--r-- | security/nss/lib/pki/pkibase.c | 9 |
2 files changed, 27 insertions, 13 deletions
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 3757aa79f..c26cc927b 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -433,18 +433,27 @@ nssDecodedPKIXCertificate_Destroy
 )
 {
 CERTCertificate *cert = (CERTCertificate *)dc->data;
- PRBool freeSlot = cert->ownSlot;
- PK11SlotInfo *slot = cert->slot;
- PRArenaPool *arena = cert->arena;
- /* zero cert before freeing. Any stale references to this cert
- * after this point will probably cause an exception. */
- PORT_Memset(cert, 0, sizeof *cert);
- /* free the arena that contains the cert. */
- PORT_FreeArena(arena, PR_FALSE);
- nss_ZFreeIf(dc);
- if (slot && freeSlot) {
- PK11_FreeSlot(slot);
+ PRBool freeSlot = PR_FALSE;
+ PK11SlotInfo *slot = NULL;
+ PRArenaPool *arena;
+
+ /* The decoder may only be half initialized (the case where we find we
+ * could not decode the certificate). In this case, there is not cert to
+ * free, just free the dc structure. */
+ if (cert) {
+ freeSlot = cert->ownSlot;
+ slot = cert->slot;
+ arena = cert->arena;
+ /* zero cert before freeing. Any stale references to this cert
+ * after this point will probably cause an exception. */
+ PORT_Memset(cert, 0, sizeof *cert);
+ /* free the arena that contains the cert. */
+ PORT_FreeArena(arena, PR_FALSE);
+ if (slot && freeSlot) {
+ PK11_FreeSlot(slot);
+ }
 }
+ nss_ZFreeIf(dc);
 return PR_SUCCESS;
 }
diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c
index 80f6a5015..f81a7854d 100644
--- a/security/nss/lib/pki/pkibase.c
+++ b/security/nss/lib/pki/pkibase.c
@@ -859,7 +859,9 @@ nssPKIObjectCollection_GetObjects
 /* Convert the proto-object to an object */
 node->object = (*collection->createObject)(node->object);
 if (!node->object) {
- return PR_FAILURE;
+ link = PR_NEXT_LINK(link);
+ PR_REMOVE_LINK(&node->link); /*remove bogus object from list*/
+ continue;
 }
 node->haveObject = PR_TRUE;
 }
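Review bot: In nssDecodedPKIXCertificate_Destroy (pki3hack.c) the new `if (cert)` guard helps only if the failed-decode path really leaves `dc->data` NULL. That creation path is outside this hunk, so it should be confirmed that the structure is zero-allocated or the field is cleared explicitly; otherwise a stale pointer still reaches `PORT_Memset` and `PORT_FreeArena`. `dc` itself is dereferenced in the first declaration although the function ends with the NULL-tolerant `nss_ZFreeIf(dc)`, so if a NULL `dc` can arrive here the declaration needs a guard as well. The added comment should read `there is no cert to free`, and it would be worth stating there which caller produces the half-initialized decoder.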
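Review bot: `PR_REMOVE_LINK(&node->link)` in the failure branch of nssPKIObjectCollection_GetObjects (pkibase.c) unlinks the node but leaves the node's own next/prev pointers aimed at its old neighbours. Nothing visible in the hunk updates whatever element count or lookup structure the collection keeps for that node. If the node can be reached again later, for instance during collection teardown, a second unlink would corrupt the list; `PR_REMOVE_AND_INIT_LINK(&node->link);` makes a repeated removal harmless, and any size counter should be decremented at the same point. The identical branches in nssPKIObjectCollection_Traverse and nssPKIObjectCollection_AddInstanceAsObject have the same issue. GetObjects and Traverse now drop an object the token could not produce without telling the caller, so the comment should say that the silent skip is deliberate; the loops themselves lie outside the hunks.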
@@ -884,7 +886,9 @@ nssPKIObjectCollection_Traverse
 if (!node->haveObject) {
 node->object = (*collection->createObject)(node->object);
 if (!node->object) {
- return PR_FAILURE;
+ link = PR_NEXT_LINK(link);
+ PR_REMOVE_LINK(&node->link); /*remove bogus object from list*/
+ continue;
 }
 node->haveObject = PR_TRUE;
 }
@@ -926,6 +930,7 @@ nssPKIObjectCollection_AddInstanceAsObject
 if (!node->haveObject) {
 node->object = (*collection->createObject)(node->object);
 if (!node->object) {
+ PR_REMOVE_LINK(&node->link); /*remove bogus object from list*/
 return PR_FAILURE;
 }
 node->haveObject = PR_TRUE; |