diff options
author | alexei.volkov.bugs%sun.com <devnull@localhost> | 2006-04-22 02:09:31 +0000 |
---|---|---|
committer | alexei.volkov.bugs%sun.com <devnull@localhost> | 2006-04-22 02:09:31 +0000 |
commit | 3f78b652364876d7c21169e00435c7d7841e4e0a (patch) | |
tree | cbcc625c2697e5a5beef41996eb3adfb6e1dd6eb | |
parent | e4b13cf1c3c52091fb9283d3b76397b9e73468eb (diff) | |
download | nss-hg-3f78b652364876d7c21169e00435c7d7841e4e0a.tar.gz |
[Bug 334183] Double free on error because CERT_FindCertIssuer unexpectedly calls CERT_DestroyCertificate. r=alexei
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 44e470b27..e55ede89d 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -360,20 +360,20 @@ loser: chain, 2, NULL, &status, td, cc); nss_ZFreeIf(nssTime); if (status == PR_SUCCESS) { + PORT_Assert(me == chain[0]); /* if it's a root, the chain will only have one cert */ if (!chain[1]) { /* already has a reference from the call to BuildChain */ return cert; - } else { - CERT_DestroyCertificate(cert); /* the first cert in the chain */ - return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */ - } - } else { - if (chain[0]) { - CERT_DestroyCertificate(cert); - } - PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER); - } + } + NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */ + return STAN_GetCERTCertificate(chain[1]); /* return the 2nd */ + } + if (chain[0]) { + PORT_Assert(me == chain[0]); + NSSCertificate_Destroy(chain[0]); /* the first cert in the chain */ + } + PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER); return NULL; #endif } |