Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj

Fixed controls to avoid crashes caused by slots possibly without a token in pk11_fastCert.
Also, improved arguments controls in PK11_MakeCertFromHandle.

Differential Revision: https://phabricator.services.mozilla.com/D51406

1 files changed, 8 insertions, 2 deletions

diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
index 122fe43da..655c5f970 100644
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -245,7 +245,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
 
     /* Get the cryptoki object from the handle */
     token = PK11Slot_GetNSSToken(slot);
-    if (token->defaultSession) {
+    if (token && token->defaultSession) {
         co = nssCryptokiObject_Create(token, token->defaultSession, certID);
     } else {
         PORT_SetError(SEC_ERROR_NO_TOKEN);
@@ -307,9 +307,15 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID,
     CERTCertificate *cert = NULL;
     CERTCertTrust *trust;
 
+    if (slot == NULL || certID == CK_INVALID_HANDLE) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return NULL;
+    }
+
     cert = pk11_fastCert(slot, certID, privateLabel, &nickname);
-    if (cert == NULL)
+    if (cert == NULL) {
         goto loser;
+    }
 
     if (nickname) {
         if (cert->nickname != NULL) {