author | jpierre%netscape.com <devnull@localhost> | 2003-04-17 02:03:39 +0000 |
---|---|---|
committer | jpierre%netscape.com <devnull@localhost> | 2003-04-17 02:03:39 +0000 |
commit | db11c3e6a1b4e2abb69543ee5ff25894527300cb (patch) | |
tree | a4fac5acd4f4518e92ed85f4404b3c38e89d5337 | |
parent | 8b090ac5c1810093324d3f0f00574e82bfd6a48e (diff) | |
Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash. r=nelsonb
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 15 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslcon.c | 16 |
2 files changed, 31 insertions, 0 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 51ddd58f3..8d3106a9c 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -5127,6 +5127,21 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 break; /* not an error */
 case SECSuccess:
+ /* check what the callback function returned */
+ if ((!ssl3->clientCertificate) || (!ssl3->clientPrivateKey)) {
+ /* we are missing either the key or cert */
+ if (ssl3->clientCertificate) {
+ /* got a cert, but no key - free it */
+ CERT_DestroyCertificate(ssl3->clientCertificate);
+ ssl3->clientCertificate = NULL;
+ }
+ if (ssl3->clientPrivateKey) {
+ /* got a key, but no cert - free it */
+ SECKEY_DestroyPrivateKey(ssl3->clientPrivateKey);
+ ssl3->clientPrivateKey = NULL;
+ }
+ goto send_no_certificate;
+ }
 /* Setting ssl3->clientCertChain non-NULL will cause
 * ssl3_HandleServerHelloDone to call SendCertificate.
 */
diff --git a/security/nss/lib/ssl/sslcon.c b/security/nss/lib/ssl/sslcon.c
index cce73d225..e373fa28b 100644
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@@ -2344,6 +2344,22 @@ ssl2_HandleRequestCertificate(sslSocket *ss)
 goto no_cert_error;
 }
+ /* check what the callback function returned */
+ if ((!cert) || (!key)) {
+ /* we are missing either the key or cert */
+ if (cert) {
+ /* got a cert, but no key - free it */
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
+ }
+ if (key) {
+ /* got a key, but no cert - free it */
+ SECKEY_DestroyPrivateKey(key);
+ key = NULL;
+ }
+ goto no_cert_error;
+ }
+
 rv = ssl2_SignResponse(ss, key, &response);
 if ( rv != SECSuccess ) {
 ret = -1; |
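Review bot: In ssl3_HandleCertificateRequest, the new `if ((!ssl3->clientCertificate) || (!ssl3->clientPrivateKey))` branch turns a callback that reported SECSuccess with only half of the credential into a silent `goto send_no_certificate`, so the application gets no signal that its client-auth callback broke its contract and the handshake carries on without client authentication. I would leave a diagnostic before the jump, for example `SSL_DBG(("%d: SSL3[%d]: client auth callback returned SECSuccess without cert and key", SSL_GETPID(), ss->fd));`. The same applies to the matching block in ssl2_HandleRequestCertificate in sslcon.c before `goto no_cert_error`. The `send_no_certificate` label and the rest of the function lie outside the hunk, so what that path reports to the caller is not visible here.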
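Review bot: In ssl2_HandleRequestCertificate, the comment `/* check what the callback function returned */` does not say why the check is needed or why the locals are reset afterwards. The next context line passes `key` straight to `ssl2_SignResponse`, which is presumably where the crash named in the commit message occurred, and the `cert = NULL;` / `key = NULL;` assignments only matter if the code reached through `no_cert_error` (outside the hunk) destroys whatever those locals still hold. I would replace the comment with `/* callback returned success; it must have set both cert and key, which are used unconditionally below */` and add `/* cleared so the exit path does not destroy it a second time */` beside the NULL assignments, after confirming that against the exit path.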