b=99052 r=nelsonb a=asa on irc

Fix crash in NSS during SSL handshake

1 files changed, 35 insertions, 14 deletions

diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c
index 807c0a9e0..ef5d49270 100644
--- a/security/nss/lib/certhigh/certvfy.c
+++ b/security/nss/lib/certhigh/certvfy.c
@@ -1556,20 +1556,41 @@ loser:
 CERTCertList *
 CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage)
 {
-    CERTCertList *chain;
-
-    if (cert != NULL) {
-	chain = CERT_NewCertList();
-	cert = CERT_DupCertificate(cert);
-	while (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) 
-	       != SECEqual) {
-	    CERT_AddCertToListTail(chain, cert);
-	    cert = CERT_FindCertIssuer(cert, time, usage);
-	}
-	CERT_AddCertToListTail(chain, cert);
-	return chain;
+    CERTCertList *chain = NULL;
+
+    if (NULL == cert) {
+        return NULL;
+    }
+    
+    cert = CERT_DupCertificate(cert);
+    if (NULL == cert) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
+    }
+
+    chain = CERT_NewCertList();
+    if (NULL == chain) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
     }
-    return NULL;
-}
 
+    while (cert != NULL) {
+	if (SECSuccess != CERT_AddCertToListTail(chain, cert)) {
+            /* return partial chain */
+            PORT_SetError(SEC_ERROR_NO_MEMORY);
+            return chain;
+        }
 
+	if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject)
+	    == SECEqual) {
+            /* return complete chain */
+	    return chain;
+	}
+
+	cert = CERT_FindCertIssuer(cert, time, usage);
+    }
+
+    /* return partial chain */
+    PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER);
+    return chain;
+}