diff options
author | Marcus Burghardt <mburghardt@mozilla.com> | 2019-11-04 23:01:14 +0000 |
---|---|---|
committer | Marcus Burghardt <mburghardt@mozilla.com> | 2019-11-04 23:01:14 +0000 |
commit | 890b8f5bf7bb73c98167ea8085e93c75ceee55a2 (patch) | |
tree | 150c2299f68ad172c059af01e0dc999c9c097a2a | |
parent | 194c99bb722a3f74a7784af005f2b1ee33f34ef1 (diff) | |
download | nss-hg-890b8f5bf7bb73c98167ea8085e93c75ceee55a2.tar.gz |
Bug 1590495 - Crash in PK11_MakeCertFromHandle->pk11_fastCert. r=jcj
Fixed controls to avoid crashes caused by slots possibly without a token in pk11_fastCert.
Also, improved arguments controls in PK11_MakeCertFromHandle.
Differential Revision: https://phabricator.services.mozilla.com/D51406
-rw-r--r-- | lib/pk11wrap/pk11cert.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c index 122fe43da..655c5f970 100644 --- a/lib/pk11wrap/pk11cert.c +++ b/lib/pk11wrap/pk11cert.c @@ -245,7 +245,7 @@ pk11_fastCert(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, /* Get the cryptoki object from the handle */ token = PK11Slot_GetNSSToken(slot); - if (token->defaultSession) { + if (token && token->defaultSession) { co = nssCryptokiObject_Create(token, token->defaultSession, certID); } else { PORT_SetError(SEC_ERROR_NO_TOKEN); @@ -307,9 +307,15 @@ PK11_MakeCertFromHandle(PK11SlotInfo *slot, CK_OBJECT_HANDLE certID, CERTCertificate *cert = NULL; CERTCertTrust *trust; + if (slot == NULL || certID == CK_INVALID_HANDLE) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return NULL; + } + cert = pk11_fastCert(slot, certID, privateLabel, &nickname); - if (cert == NULL) + if (cert == NULL) { goto loser; + } if (nickname) { if (cert->nickname != NULL) { |