summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralexei.volkov.bugs%sun.com <devnull@localhost>2007-12-19 00:41:59 +0000
committeralexei.volkov.bugs%sun.com <devnull@localhost>2007-12-19 00:41:59 +0000
commitf063dea25daf6421b48000efd2e8e6f10f6c2f62 (patch)
tree71a2a8795a830206eebaedd9229941506178c8bb
parent50ce7c2fc3ef8f011aeb57a6d6994d0859460ca6 (diff)
downloadnss-hg-f063dea25daf6421b48000efd2e8e6f10f6c2f62.tar.gz
397832 - libpkix leaks memory if a macro calls a function that returns an error.r=nelson
Diffstat
-rw-r--r--security/nss/lib/certhigh/certvfypkixprint.c3
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/certsel/pkix_certselector.c3
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_build.c47
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/top/pkix_validate.c19
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix/util/pkix_tools.h1
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c21
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c71
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c14
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c2
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c2
-rw-r--r--security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c7
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c10
-rwxr-xr-xsecurity/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c5
13 files changed, 104 insertions, 101 deletions
diff --git a/security/nss/lib/certhigh/certvfypkixprint.c b/security/nss/lib/certhigh/certvfypkixprint.c
index a52e82d44..1d59310a9 100644
--- a/security/nss/lib/certhigh/certvfypkixprint.c
+++ b/security/nss/lib/certhigh/certvfypkixprint.c
@@ -74,7 +74,8 @@ cleanup:
}
if (errorResult){
- return (NULL);
+ PKIX_PL_Object_DecRef((PKIX_PL_Object*)errorResult, plContext);
+ return (NULL);
}
return (asciiString);
diff --git a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
index 634867c15..eac60410b 100755
--- a/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
+++ b/security/nss/lib/libpkix/pkix/certsel/pkix_certselector.c
@@ -1218,8 +1218,9 @@ pkix_CertSelector_DefaultMatch(
PKIX_NULLCHECK_THREE(selector, cert, pResult);
*pResult = PKIX_TRUE;
+
+ PKIX_INCREF(selector->params);
params = selector->params;
- PKIX_INCREF(params);
if (params == NULL){
goto cleanup;
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c
index 67f991cb6..a7c8dc785 100755
--- a/security/nss/lib/libpkix/pkix/top/pkix_build.c
+++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c
@@ -1610,11 +1610,12 @@ pkix_Build_ValidateEntireChain(
PKIX_VALIDATERESULTCREATEFAILED);
*pValResult = valResult;
+ valResult = NULL;
cleanup:
-
PKIX_DECREF(subjPubKey);
PKIX_DECREF(policyTree);
+ PKIX_DECREF(valResult);
PKIX_RETURN(BUILD);
}
@@ -1806,8 +1807,6 @@ pkix_Build_CombineWithTrust(
PKIX_UInt32 tolistIx = 0;
PKIX_PL_Object *fObject = NULL;
PKIX_PL_Object *tObject = NULL;
- PKIX_PL_Cert *fCert = NULL;
- PKIX_PL_Cert *tCert = NULL;
PKIX_ENTER(BUILD, "pkix_Build_CombineWithTrust");
PKIX_NULLCHECK_TWO(fromList, toList);
@@ -1843,12 +1842,12 @@ pkix_Build_CombineWithTrust(
(tObject, PKIX_CERT_TYPE, plContext),
PKIX_OBJECTNOTCERT);
- tCert = (PKIX_PL_Cert *)tObject;
PKIX_CHECK(PKIX_PL_Cert_IsCertTrusted
- (tCert, &trusted, plContext),
+ ((PKIX_PL_Cert *)tObject, &trusted,
+ plContext),
PKIX_CERTISCERTTRUSTEDFAILED);
- /* If tCert is trusted, keep it. */
+ /* If tObject is a trusted cert, keep it. */
if (trusted == PKIX_TRUE) {
PKIX_DECREF(tObject);
break;
@@ -1858,12 +1857,12 @@ pkix_Build_CombineWithTrust(
(fObject, PKIX_CERT_TYPE, plContext),
PKIX_OBJECTNOTCERT);
- fCert = (PKIX_PL_Cert *)fObject;
PKIX_CHECK(PKIX_PL_Cert_IsCertTrusted
- (fCert, &trusted, plContext),
+ ((PKIX_PL_Cert *)fObject, &trusted,
+ plContext),
PKIX_CERTISCERTTRUSTEDFAILED);
- /* If fCert is trusted, replace tCert. */
+ /* If fObject is a trusted cert, replace it. */
if (trusted == PKIX_TRUE) {
PKIX_CHECK(PKIX_List_SetItem
(toList,
@@ -2144,8 +2143,8 @@ pkix_Build_UpdateDate(
PKIX_CERTGETVALIDITYNOTAFTERFAILED);
if (state->validityDate == NULL) {
- PKIX_INCREF(notAfter);
state->validityDate = notAfter;
+ notAfter = NULL;
} else {
PKIX_CHECK(PKIX_PL_Object_Compare
((PKIX_PL_Object *)state->validityDate,
@@ -2155,8 +2154,8 @@ pkix_Build_UpdateDate(
PKIX_OBJECTCOMPARATORFAILED);
if (comparison > 0) {
PKIX_DECREF(state->validityDate);
- PKIX_INCREF(notAfter);
state->validityDate = notAfter;
+ notAfter = NULL;
}
}
}
@@ -2543,6 +2542,7 @@ pkix_BuildForwardDepthFirstSearch(
}
#endif
+ PKIX_DECREF(state->candidateCerts);
state->candidateCerts = filteredCerts;
filteredCerts = NULL;
@@ -2817,10 +2817,12 @@ pkix_BuildForwardDepthFirstSearch(
if (!PKIX_ERROR_RECEIVED) {
*pValResult = valResult;
+ valResult = NULL;
/* Change state so IsIOPending is FALSE */
state->status = BUILD_CHECKTRUSTED;
goto cleanup;
}
+ PKIX_DECREF(trustAnchor);
}
/*
@@ -2998,6 +3000,7 @@ pkix_BuildForwardDepthFirstSearch(
PKIX_DECREF(state->revCheckers);
if (!PKIX_ERROR_RECEIVED) {
*pValResult = valResult;
+ valResult = NULL;
if (state->verifyNode != NULL) {
PKIX_CHECK_FATAL
(pkix_VerifyNode_AddToTree
@@ -3115,7 +3118,9 @@ pkix_BuildForwardDepthFirstSearch(
PKIX_DECREF(certSelParams);
childState->verifyNode = verifyNode;
verifyNode = NULL;
+ PKIX_DECREF(state);
state = childState; /* state->status == BUILD_INITIAL */
+ childState = NULL;
continue; /* with while (!outOfOptions) */
}
@@ -3207,11 +3212,14 @@ pkix_BuildForwardDepthFirstSearch(
PKIX_CHECK(PKIX_List_DeleteItem
(state->trustChain, numChained - 1, plContext),
PKIX_LISTDELETEITEMFAILED);
+ PKIX_INCREF(state->parentState);
parentState = state->parentState;
+ PKIX_DECREF(verifyNode);
verifyNode = state->verifyNode;
state->verifyNode = NULL;
PKIX_DECREF(state);
state = parentState;
+ parentState = NULL;
if (state->verifyNode != NULL) {
PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
(state->verifyNode,
@@ -3262,11 +3270,14 @@ cleanup:
if (ioPending == PKIX_FALSE) {
while (state->parentState) {
+ PKIX_INCREF(state->parentState);
parentState = state->parentState;
+ PKIX_DECREF(verifyNode);
verifyNode = state->verifyNode;
state->verifyNode = NULL;
PKIX_DECREF(state);
state = parentState;
+ parentState = NULL;
if (state->verifyNode != NULL) {
PKIX_CHECK_FATAL(pkix_VerifyNode_AddToTree
(state->verifyNode,
@@ -3282,10 +3293,15 @@ cleanup:
validityDate = NULL;
}
*pState = state;
+ state = NULL;
pkixErrorResult = verifyError;
verifyError = NULL;
fatal:
+ PKIX_DECREF(state);
+ PKIX_DECREF(parentState);
+ PKIX_DECREF(childState);
+ PKIX_DECREF(valResult);
PKIX_DECREF(verifyError);
PKIX_DECREF(verifyNode);
PKIX_DECREF(candidatePubKey);
@@ -3298,7 +3314,9 @@ fatal:
PKIX_DECREF(validityDate);
PKIX_DECREF(crlCheckerState);
PKIX_DECREF(currTime);
+ PKIX_DECREF(filteredCerts);
PKIX_DECREF(unfilteredCerts);
+ PKIX_DECREF(trustedCert);
PKIX_RETURN(BUILD);
}
@@ -3606,7 +3624,7 @@ pkix_Build_CheckInCache(
PKIX_DECREF(state->revCheckers);
if (!PKIX_ERROR_RECEIVED) {
- /* The result from cache is still valid. */
+ /* The result from cache is still valid. But we replace an old*/
*pBuildResult = buildResult;
buildResult = NULL;
stillValid = PKIX_TRUE;
@@ -4320,6 +4338,7 @@ PKIX_BuildChain(
*pNBIOContext = nbioContext;
*pState = state;
+ state = NULL;
*pBuildResult = NULL;
/* no buildResult means the build has failed */
@@ -4344,12 +4363,14 @@ PKIX_BuildChain(
PKIX_CACHECERTCHAINADDFAILED);
}
- PKIX_DECREF(state);
*pState = NULL;
*pBuildResult = buildResult;
+ buildResult = NULL;
}
cleanup:
+ PKIX_DECREF(buildResult);
+ PKIX_DECREF(state);
PKIX_RETURN(BUILD);
}
diff --git a/security/nss/lib/libpkix/pkix/top/pkix_validate.c b/security/nss/lib/libpkix/pkix/top/pkix_validate.c
index f70e0fa39..f964997cf 100755
--- a/security/nss/lib/libpkix/pkix/top/pkix_validate.c
+++ b/security/nss/lib/libpkix/pkix/top/pkix_validate.c
@@ -928,6 +928,7 @@ pkix_CheckChain(
revChecking = *pRevChecking;
for (j = *pCertCheckedIndex; j < numCerts; j++) {
+
PKIX_CHECK(PKIX_List_GetItem
(certs, j, (PKIX_PL_Object **)&cert, plContext),
PKIX_LISTGETITEMFAILED);
@@ -1025,17 +1026,19 @@ pkix_CheckChain(
*pNBIOContext = NULL;
cleanup:
-
if (PKIX_ERROR_RECEIVED) {
- checkCertError = pkixErrorResult;
- }
-
- if (checkCertError) {
- pkixTempResult = pkix_AddToVerifyLog
- (cert, j, checkCertError, pVerifyTree, plContext);
- pkixErrorResult = checkCertError;
+ pkixErrorReceived = PKIX_TRUE;
+ pkixErrorCode = pkixErrorResult->errCode;
+ checkCertError = pkixErrorResult;
+
+ PKIX_CHECK_FATAL(
+ pkix_AddToVerifyLog(cert, j, checkCertError, pVerifyTree,
+ plContext),
+ PKIX_ADDTOVERIFYLOGFAILED);
}
+fatal:
+ PKIX_DECREF(checkCertError);
PKIX_DECREF(cert);
PKIX_RETURN(VALIDATE);
diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h
index 4475eacfc..86c2cb467 100755
--- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h
+++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h
@@ -409,6 +409,7 @@ extern const PKIX_StdVars zeroStdVars;
((PKIX_PL_Object *)(obj), plContext); \
if (pkixTempResult) { \
PKIX_DoAddError(&stdVars, pkixTempResult, plContext); \
+ pkixTempResult = NULL; \
goto cleanup; \
} \
} \
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
index 766c27c9c..fad7b4c0c 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c
@@ -377,20 +377,23 @@ pkix_pl_AIAMgr_GetHTTPCerts(
plContext),
PKIX_HTTPCERTSTOREPROCESSCERTRESPONSEFAILED);
- PKIX_DECREF(aiaMgr->client.hdata.requestSession);
- PKIX_DECREF(aiaMgr->client.hdata.serverSession);
- aiaMgr->client.hdata.httpClient = 0; /* not an object */
-
} else {
PKIX_ERROR(PKIX_UNSUPPORTEDVERSIONOFHTTPCLIENT);
}
cleanup:
- if (PKIX_ERROR_RECEIVED) {
- PKIX_DECREF(aiaMgr->client.hdata.requestSession);
- PKIX_DECREF(aiaMgr->client.hdata.serverSession);
- aiaMgr->client.hdata.httpClient = 0; /* not an object */
- }
+ if (aiaMgr) {
+ PKIX_DECREF(aiaMgr->client.hdata.requestSession);
+ PKIX_DECREF(aiaMgr->client.hdata.serverSession);
+ aiaMgr->client.hdata.httpClient = 0; /* callback fn */
+ }
+
+ PKIX_DECREF(location);
+ PKIX_DECREF(locationString);
+
+ if (locationAscii) {
+ PORT_Free(locationAscii);
+ }
PKIX_RETURN(AIAMGR);
}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
index 91ab74cf9..2bd695e21 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldapcertstore.c
@@ -81,8 +81,6 @@ pkix_pl_LdapCertStore_DecodeCrossCertPair(
void *plContext)
{
LDAPCertPair certPair = {{ siBuffer, NULL, 0 }, { siBuffer, NULL, 0 }};
- CERTCertificate *nssCert = NULL;
- PKIX_PL_Cert *cert = NULL;
SECStatus rv = SECFailure;
PRArenaPool *tempArena = NULL;
@@ -90,72 +88,37 @@ pkix_pl_LdapCertStore_DecodeCrossCertPair(
PKIX_ENTER(CERTSTORE, "pkix_pl_LdapCertStore_DecodeCrossCertPair");
PKIX_NULLCHECK_TWO(derCCPItem, certList);
- PKIX_PL_NSSCALLRV(CERTSTORE, tempArena, PORT_NewArena,
- (DER_DEFAULT_CHUNKSIZE));
-
- PKIX_PL_NSSCALLRV(CERTSTORE, rv, SEC_ASN1DecodeItem,
- (tempArena,
- &certPair,
- PKIX_PL_LDAPCrossCertPairTemplate,
- derCCPItem));
+ tempArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (!tempArena) {
+ PKIX_ERROR(PKIX_PORTNEWARENAFAILED);
+ }
+ rv = SEC_ASN1DecodeItem(tempArena, &certPair, PKIX_PL_LDAPCrossCertPairTemplate,
+ derCCPItem);
if (rv != SECSuccess) {
goto cleanup;
}
if (certPair.forward.data != NULL) {
- PKIX_PL_NSSCALLRV
- (CERTSTORE, nssCert, CERT_DecodeDERCertificate,
- (&certPair.forward, PR_TRUE, NULL));
-
- if (nssCert) {
- PKIX_CHECK_ONLY_FATAL(pkix_pl_Cert_CreateWithNSSCert
- (nssCert, &cert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
- /* skip bad certs and append good ones */
- if (!PKIX_ERROR_RECEIVED) {
- PKIX_CHECK(PKIX_List_AppendItem
- (certList,
- (PKIX_PL_Object *) cert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(cert);
- }
+ PKIX_CHECK(
+ pkix_pl_Cert_CreateToList(&certPair.forward, certList,
+ plContext),
+ PKIX_CERTCREATETOLISTFAILED);
}
if (certPair.reverse.data != NULL) {
- PKIX_PL_NSSCALLRV
- (CERTSTORE, nssCert, CERT_DecodeDERCertificate,
- (&certPair.reverse, PR_TRUE, NULL));
-
- if (nssCert) {
- PKIX_CHECK_ONLY_FATAL(pkix_pl_Cert_CreateWithNSSCert
- (nssCert, &cert, plContext),
- PKIX_CERTCREATEWITHNSSCERTFAILED);
-
- /* skip bad certs and append good ones */
- if (!PKIX_ERROR_RECEIVED) {
- PKIX_CHECK(PKIX_List_AppendItem
- (certList,
- (PKIX_PL_Object *) cert,
- plContext),
- PKIX_LISTAPPENDITEMFAILED);
- }
-
- PKIX_DECREF(cert);
- }
+ PKIX_CHECK(
+ pkix_pl_Cert_CreateToList(&certPair.reverse, certList,
+ plContext),
+ PKIX_CERTCREATETOLISTFAILED);
}
cleanup:
-
- PKIX_PL_NSSCALL(CERTSTORE, PORT_FreeArena, (tempArena, PR_FALSE));
-
- PKIX_DECREF(cert);
+ if (tempArena) {
+ PORT_FreeArena(tempArena, PR_FALSE);
+ }
PKIX_RETURN(CERTSTORE);
}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
index 54ef705d9..3b5ce65ee 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_pk11certstore.c
@@ -426,15 +426,11 @@ pkix_pl_Pk11CertStore_CrlQuery(
* the end of the list. If failure,
* no CRLs were appended.
*/
- PKIX_PL_NSSCALLRV
- (CERTSTORE, rv, AcquireDPCache,
- (NULL,
- nameItem,
- NULL,
- 0,
- wincx,
- &dpcache,
- &writeLocked));
+ rv = AcquireDPCache(NULL, nameItem, NULL, 0,
+ wincx, &dpcache, &writeLocked);
+ if (rv == SECFailure) {
+ PKIX_ERROR(PKIX_FETCHINGCACHEDCRLFAILED);
+ }
PKIX_PL_NSSCALLRV
(CERTSTORE, rv, DPCache_GetAllCRLs,
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
index c10d515e8..97f5e934e 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyinfo.c
@@ -96,8 +96,10 @@ pkix_pl_CertPolicyInfo_Create(
policyInfo->policyQualifiers = qualifiers;
*pObject = policyInfo;
+ policyInfo = NULL;
cleanup:
+ PKIX_DECREF(policyInfo);
PKIX_RETURN(CERTPOLICYINFO);
}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
index f4cec00d3..a2ebc99aa 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicyqualifier.c
@@ -93,8 +93,10 @@ pkix_pl_CertPolicyQualifier_Create(
qual->qualifier = qualifier;
*pObject = qual;
+ qual = NULL;
cleanup:
+ PKIX_DECREF(qual);
PKIX_RETURN(CERTPOLICYQUALIFIER);
}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
index d50aa18f4..0b7aa43b7 100644
--- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_infoaccess.c
@@ -105,8 +105,10 @@ pkix_pl_InfoAccess_Create(
infoAccess->location = generalName;
*pInfoAccess = infoAccess;
+ infoAccess = NULL;
cleanup:
+ PKIX_DECREF(infoAccess);
PKIX_RETURN(INFOACCESS);
}
@@ -397,8 +399,6 @@ pkix_pl_InfoAccess_CreateList(
PKIX_CHECK(PKIX_List_Create(&infoAccessList, plContext),
PKIX_LISTCREATEFAILED);
- *pInfoAccessList = infoAccessList;
-
if (nssInfoAccess == NULL) {
goto cleanup;
}
@@ -474,12 +474,15 @@ pkix_pl_InfoAccess_CreateList(
plContext),
PKIX_LISTAPPENDITEMFAILED);
PKIX_DECREF(infoAccess);
+ PKIX_DECREF(location);
}
*pInfoAccessList = infoAccessList;
+ infoAccessList = NULL;
cleanup:
+ PKIX_DECREF(infoAccessList);
PKIX_DECREF(infoAccess);
PKIX_DECREF(location);
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
index 558d63fde..e98901c41 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_object.c
@@ -1197,7 +1197,7 @@ PKIX_PL_Object_ToString(
PKIX_PL_Object *objectHeader = NULL;
PKIX_PL_ToStringCallback func = NULL;
pkix_ClassTable_Entry entry;
- PKIX_PL_String *objectString;
+ PKIX_PL_String *objectString = NULL;
PKIX_ENTER(OBJECT, "PKIX_PL_Object_ToString");
PKIX_NULLCHECK_TWO(object, pString);
@@ -1262,6 +1262,7 @@ PKIX_PL_Object_ToString(
if (!objectHeader->stringRep){
/* save a cached copy */
objectHeader->stringRep = objectString;
+ objectString = NULL;
}
PKIX_CHECK(pkix_UnlockObject(object, plContext),
@@ -1269,10 +1270,15 @@ PKIX_PL_Object_ToString(
}
}
- PKIX_INCREF(objectHeader->stringRep);
+
*pString = objectHeader->stringRep;
+ objectHeader->stringRep = NULL;
cleanup:
+ if (objectHeader) {
+ PKIX_DECREF(objectHeader->stringRep);
+ }
+ PKIX_DECREF(objectString);
PKIX_RETURN(OBJECT);
}
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
index a1f688885..b0333a126 100755
--- a/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
+++ b/security/nss/lib/libpkix/pkix_pl_nss/system/pkix_pl_oid.c
@@ -406,9 +406,10 @@ pkix_pl_OID_GetCriticalExtensionOIDs(
}
*pOidsList = oidsList;
-
+ oidsList = NULL;
+
cleanup:
-
+ PKIX_DECREF(oidsList);
PKIX_FREE(oidAscii);
PKIX_DECREF(pkixOID);
PKIX_RETURN(OID);
View Lorry Controller Status