summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralexei.volkov.bugs%sun.com <devnull@localhost>2006-04-22 02:09:31 +0000
committeralexei.volkov.bugs%sun.com <devnull@localhost>2006-04-22 02:09:31 +0000
commit3f78b652364876d7c21169e00435c7d7841e4e0a (patch)
treecbcc625c2697e5a5beef41996eb3adfb6e1dd6eb
parente4b13cf1c3c52091fb9283d3b76397b9e73468eb (diff)
downloadnss-hg-3f78b652364876d7c21169e00435c7d7841e4e0a.tar.gz
[Bug 334183] Double free on error because CERT_FindCertIssuer unexpectedly calls CERT_DestroyCertificate. r=alexei
-rw-r--r--security/nss/lib/certhigh/certvfy.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index 44e470b27..e55ede89d 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -360,20 +360,20 @@ loser:
chain, 2, NULL, &status, td, cc);
nss_ZFreeIf(nssTime);
if (status == PR_SUCCESS) {
+ PORT_Assert(me == chain[0]);
/* if it's a root, the chain will only have one cert */
if (!chain[1]) {
/* already has a reference from the call to BuildChain */
return cert;
- } else {
- CERT_DestroyCertificate(cert); /* the first cert in the chain */
- return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */
- }
- } else {
- if (chain[0]) {
- CERT_DestroyCertificate(cert);
- }
- PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
- }
+ }
+ NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
+ return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */
+ }
+ if (chain[0]) {
+ PORT_Assert(me == chain[0]);
+ NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */
+ }
+ PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
return NULL;
#endif
}