author | rrelyea%redhat.com <devnull@localhost> | 2008-03-14 18:07:20 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2008-03-14 18:07:20 +0000 |
commit | 7740578cd3bf332308c2136ef6ac99c59b3d320d (patch) | |
tree | af330b9c67a09e9dc4f9dbe569f197d8bc56e252 | |
parent | 3126c5a9c394cb669391e41bf788cff8582679ee (diff) | |
download | nss-hg-7740578cd3bf332308c2136ef6ac99c59b3d320d.tar.gz |
bug 418546 reference leak in CERT_PKIXVerifyCert
r=nelson (& alexi).
-rw-r--r-- | security/nss/lib/certhigh/certvfypkix.c | 45 |
1 files changed, 40 insertions, 5 deletions
diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c
index 5dd1307ef..d099e89ab 100644
--- a/security/nss/lib/certhigh/certvfypkix.c
+++ b/security/nss/lib/certhigh/certvfypkix.c
@@ -1004,7 +1004,9 @@ cert_GetBuildResults(
 PKIX_TrustAnchor *trustAnchor = NULL;
 PKIX_PL_Cert *trustedCert = NULL;
 PKIX_List *pkixCertChain = NULL;
+#ifdef DEBUG_volkov
 PKIX_Error *tmpPkixError = NULL;
+#endif /* DEBUG */
 PKIX_ENTER(CERTVFYPKIX, "cert_GetBuildResults");
 if (buildResult == NULL && error == NULL) {
@@ -1273,11 +1275,19 @@ cleanup:
 if (certSelector != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)certSelector, plContext);
+ if (error != NULL) {
+ SECErrorCodes nssErr;
+
+ cert_PkixErrorToNssCode(error, &nssErr, plContext);
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+ PORT_SetError(nssErr);
+ }
+
 return r;
 }
-PKIX_List *
-CERT_GetCertStores(void *plContext)
+static PKIX_List *
+cert_GetCertStores(void *plContext)
 {
 PKIX_CertStore *certStore = NULL;
 PKIX_List *certStores = NULL;
@@ -1304,6 +1314,14 @@ cleanup:
 if (certStore != NULL) PKIX_PL_Object_DecRef((PKIX_PL_Object *)certStore, plContext);
+ if (error != NULL) {
+ SECErrorCodes nssErr;
+
+ cert_PkixErrorToNssCode(error, &nssErr, plContext);
+ PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
+ PORT_SetError(nssErr);
+ }
+
 return r;
 }
@@ -1366,7 +1384,10 @@ PKIX_List *cert_PKIXMakeOIDList(const SECOidTag *oids, int oidCount, void *plCon
 PKIX_Error *error = NULL;
 int i;
- PKIX_List_Create(&policyList, plContext);
+ error = PKIX_List_Create(&policyList, plContext);
+ if (error != NULL) {
+ goto cleanup;
+ }
 for (i=0; i<oidCount; i++) {
 policyOID = CERT_PKIXOIDFromNSSOid(oids[i],plContext);
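Review bot: In the cert_GetBuildResults hunk the closing comment `#endif /* DEBUG */` does not name the guard it closes, `#ifdef DEBUG_volkov`, so anyone searching for the matching conditional is pointed at the wrong macro; write `#endif /* DEBUG_volkov */`. Because the guard is a developer-specific macro rather than the general debug switch, a one-line comment above it saying what tmpPkixError is used for in that build would also help. The uses of tmpPkixError are outside the hunk.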
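Review bot: In the new `if (error != NULL)` block added at the cleanup label of the function that precedes cert_GetCertStores, `nssErr` is declared without an initializer and the result of cert_PkixErrorToNssCode is ignored. If that call can fail without writing its out-parameter (its definition is not visible here), PORT_SetError is handed an indeterminate value and the caller sees an arbitrary error code for a failed certificate-verification setup step. Give it a defined fallback, `SECErrorCodes nssErr = SEC_ERROR_LIBRARY_FAILURE;`. The identical block is added in the cert_GetCertStores cleanup hunk (`@@ -1304,6 +1314,14 @@`) and wants the same change; with two copies, a small static helper would keep them in step. Both function bodies start outside their hunks.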
@@ -1449,6 +1470,11 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
 policyOIDList = cert_PKIXMakeOIDList(param->value.array.oids, param->value.arraySize,plContext);
+ if (policyOIDList == NULL) {
+ r = SECFailure;
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ break;
+ }
 error = PKIX_ProcessingParams_SetInitialPolicies( procParams,policyOIDList,plContext);
@@ -1457,6 +1483,10 @@ cert_pkixSetParam(PKIX_ProcessingParams *procParams,
 case cert_pi_date:
 if (param->value.scalar.time == 0) {
 error = PKIX_PL_Date_Create_UTCTime(NULL, &date, plContext);
+ if (error != NULL) {
+ errCode = SEC_ERROR_INVALID_TIME;
+ break;
+ }
 } else {
 error = pkix_pl_Date_CreateFromPRTime(param->value.scalar.time, &date, plContext);
@@ -1657,7 +1687,6 @@ SECStatus CERT_PKIXVerifyCert(
 PKIX_VerifyNode * verifyNode = NULL;
 PKIX_TrustAnchor * trustAnchor = NULL;
 PKIX_PL_Cert * trustAnchorCert = NULL;
- CERTValInParam * param = NULL;
 CERTValOutParam * oparam = NULL;
 int i=0;
@@ -1702,13 +1731,19 @@ SECStatus CERT_PKIXVerifyCert(
 certSelector = cert_GetTargetCertConstraints(cert, plContext);
+ if (certSelector == NULL) {
+ goto cleanup;
+ }
 error = PKIX_ProcessingParams_SetTargetCertConstraints (procParams, certSelector, plContext);
 if (error != NULL) {
 goto cleanup;
 }
- certStores = CERT_GetCertStores(plContext);
+ certStores = cert_GetCertStores(plContext);
+ if (certStores == NULL) {
+ goto cleanup;
+ }
 error = PKIX_ProcessingParams_SetCertStores (procParams, certStores, plContext);
 if (error != NULL) { |
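Review bot: The new `policyOIDList == NULL` branch in cert_pkixSetParam always reports `SEC_ERROR_INVALID_ARGS`, which overwrites whatever failure cert_PKIXMakeOIDList actually hit. With the PKIX_List_Create check added in this same commit, an allocation failure inside that helper would now reach the caller labelled as a bad argument. If the helper's cleanup (outside the visible hunks) already records an NSS error code, drop the `PORT_SetError(SEC_ERROR_INVALID_ARGS);` line here and keep `r = SECFailure; break;`. This branch also reports through `r` and PORT_SetError while the cert_pi_date branch in the next hunk reports through `errCode`, so a short comment on which convention the code after the switch expects would be useful.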
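Review bot: The two new `goto cleanup;` paths in CERT_PKIXVerifyCert, taken when cert_GetTargetCertConstraints or cert_GetCertStores returns NULL, are reached with `error == NULL`, because those helpers now release the PKIX error themselves and leave only a PORT_SetError code behind. The declaration of the status variable and the cleanup label are both outside this hunk, so it needs confirming that the status is still SECFailure at these points and that cleanup does not derive the result from `error` alone; otherwise a verification that never ran could be returned as success. Assigning the failure status explicitly before each `goto cleanup;`, or adding a comment such as `/* helper already called PORT_SetError; status remains SECFailure */`, would make the fail-closed behaviour visible at the call site.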