Bug 366405. Fix PK11_DeleteTokenPrivateKey to not leak the cert when

force is true. r=alexei.volkov,wtchang
author: nelson%bolyard.com <devnull@localhost> 2007-01-13 23:39:03 +0000
committer: nelson%bolyard.com <devnull@localhost> 2007-01-13 23:39:03 +0000
commit: 3c3682c0a0d6a0f5f0ee858508f9c2aee8489f7e (patch)
tree: a75a5e1237c29649bba24f01aee5e8e42c7bc5d5
parent: 62c9797643d75850e47bf6fdd9f30d95a1ad6874 (diff)
download: nss-hg-3c3682c0a0d6a0f5f0ee858508f9c2aee8489f7e.tar.gz
1 files changed, 8 insertions, 9 deletions
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c
index 9692d971f..707989d9f 100644
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -1671,18 +1671,17 @@ SECStatus
 PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey, PRBool force)
 {
     CERTCertificate *cert=PK11_GetCertFromPrivateKey(privKey);
+    SECStatus rv = SECWouldBlock;
 
-    /* found a cert matching the private key?. */
-    if (!force  && cert != NULL) {
-	/* yes, don't delete the key */
-        CERT_DestroyCertificate(cert);
-	SECKEY_DestroyPrivateKey(privKey);
-	return SECWouldBlock;
+    if (!cert || force) {
+	/* now, then it's safe for the key to go away */
+	rv = PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID);
+    }
+    if (cert) {
+	CERT_DestroyCertificate(cert);
     }
-    /* now, then it's safe for the key to go away */
-    PK11_DestroyTokenObject(privKey->pkcs11Slot,privKey->pkcs11ID);
     SECKEY_DestroyPrivateKey(privKey);
-    return SECSuccess;
+    return rv;
 }
 
 /*
author	nelson%bolyard.com <devnull@localhost>	2007-01-13 23:39:03 +0000
committer	nelson%bolyard.com <devnull@localhost>	2007-01-13 23:39:03 +0000
commit	3c3682c0a0d6a0f5f0ee858508f9c2aee8489f7e (patch)
tree	a75a5e1237c29649bba24f01aee5e8e42c7bc5d5
parent	62c9797643d75850e47bf6fdd9f30d95a1ad6874 (diff)
download	nss-hg-3c3682c0a0d6a0f5f0ee858508f9c2aee8489f7e.tar.gz