diff options
author | ian.mcgreer%sun.com <devnull@localhost> | 2002-09-27 21:23:00 +0000 |
---|---|---|
committer | ian.mcgreer%sun.com <devnull@localhost> | 2002-09-27 21:23:00 +0000 |
commit | 787963c640c795c1279599ff7f4ca54a4d794752 (patch) | |
tree | 9c9472e92a42d1e7d8c79807b35865b92f48c6a3 | |
parent | 5f79e28b11ac305d7313f7b14cfe4b7f992cb585 (diff) | |
download | nss-hg-787963c640c795c1279599ff7f4ca54a4d794752.tar.gz |
bug 171198, leak moving temp cert to perm; add force parameter
r=wtc,relyea
-rw-r--r-- | security/nss/lib/certdb/stanpcertdb.c | 4 | ||||
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 2 | ||||
-rw-r--r-- | security/nss/lib/pki/pkistore.c | 5 | ||||
-rw-r--r-- | security/nss/lib/pki/pkistore.h | 3 |
4 files changed, 8 insertions, 6 deletions
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c index 6226ed923..895f3fcce 100644 --- a/security/nss/lib/certdb/stanpcertdb.c +++ b/security/nss/lib/certdb/stanpcertdb.c @@ -157,7 +157,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname, stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, c->object.arena); } /* Delete the temp instance */ - nssCertificateStore_Remove(context->certStore, c); + nssCertificateStore_Remove(context->certStore, c, PR_TRUE); c->object.cryptoContext = NULL; /* Import the perm instance onto the internal token */ slot = PK11_GetInternalKeySlot(); @@ -607,7 +607,7 @@ CERT_DestroyCertificate(CERTCertificate *cert) if (refCount == 2) { NSSCryptoContext *cc = tmp->object.cryptoContext; if (cc != NULL) { - nssCertificateStore_Remove(cc->certStore, tmp); + nssCertificateStore_Remove(cc->certStore, tmp, PR_FALSE); } else { nssTrustDomain_RemoveCertFromCache(td, tmp); } diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index b980bedda..387e3a41c 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -1742,7 +1742,7 @@ done: if (c->object.cryptoContext) { /* Delete the temp instance */ - nssCertificateStore_Remove(c->object.cryptoContext->certStore, c); + nssCertificateStore_Remove(c->object.cryptoContext->certStore, c, PR_TRUE); c->object.cryptoContext = NULL; cert->istemp = PR_FALSE; cert->isperm = PR_TRUE; diff --git a/security/nss/lib/pki/pkistore.c b/security/nss/lib/pki/pkistore.c index 1fe90c994..2109978a9 100644 --- a/security/nss/lib/pki/pkistore.c +++ b/security/nss/lib/pki/pkistore.c @@ -308,13 +308,14 @@ remove_subject_entry ( NSS_IMPLEMENT void nssCertificateStore_Remove ( nssCertificateStore *store, - NSSCertificate *cert + NSSCertificate *cert, + PRBool force /* described in bug 171198 */ ) { certificate_hash_entry *entry; PZ_Lock(store->lock); #ifdef NSS_3_4_CODE - if (cert->object.refCount > 2) { + if (!force && cert->object.refCount > 2) { /* This continues the hack described in CERT_DestroyCertificate. * Because NSS 3.4 maintains a single, global, crypto context, * certs must be explicitly removed from it when there are no diff --git a/security/nss/lib/pki/pkistore.h b/security/nss/lib/pki/pkistore.h index a13186118..ce4c96099 100644 --- a/security/nss/lib/pki/pkistore.h +++ b/security/nss/lib/pki/pkistore.h @@ -89,7 +89,8 @@ NSS_EXTERN void nssCertificateStore_Remove ( nssCertificateStore *store, - NSSCertificate *cert + NSSCertificate *cert, + PRBool force /* described in bug 171198 */ ); NSS_EXTERN NSSCertificate ** |