fix bugs in cert import with smart card cache

6 files changed, 9 insertions, 5 deletions

diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index ef9b04e1a..bad67e40c 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -174,6 +174,7 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
 	return SECFailure;
     }
     nssPKIObject_AddInstance(&c->object, permInstance);
+    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
     /* reset the CERTCertificate fields */
     cert->nssCertificate = NULL;
     cert = STAN_GetCERTCertificate(c); /* will return same pointer */
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c
index cc1324b85..630db5740 100644
--- a/security/nss/lib/dev/devtoken.c
+++ b/security/nss/lib/dev/devtoken.c
@@ -1029,8 +1029,7 @@ nssToken_ImportTrust
     /* import the trust object onto the token */
     object = import_object(tok, sessionOpt, trust_tmpl, tsize);
     if (object && tok->cache) {
-	nssTokenObjectCache_ImportObject(tok->cache, object,
-	                                 CKO_CERTIFICATE,
+	nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
 	                                 trust_tmpl, tsize);
     }
     return object;
@@ -1167,8 +1166,7 @@ nssToken_ImportCRL
     /* import the crl object onto the token */
     object = import_object(token, sessionOpt, crl_tmpl, crlsize);
     if (object && token->cache) {
-	nssTokenObjectCache_ImportObject(token->cache, object,
-	                                 CKO_CERTIFICATE,
+	nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
 	                                 crl_tmpl, crlsize);
     }
     return object;
diff --git a/security/nss/lib/dev/devutil.c b/security/nss/lib/dev/devutil.c
index 7c516e144..ec6e562a1 100644
--- a/security/nss/lib/dev/devutil.c
+++ b/security/nss/lib/dev/devutil.c
@@ -1238,6 +1238,7 @@ make_object_and_attr
 	goto loser;
     }
     for (i=0; i<otlen; i++) {
+	oa->attributes[i].type = ot[i].type;
 	oa->attributes[i].pValue = nss_ZAlloc(arena, ot[i].ulValueLen);
 	if (!oa->attributes[i].pValue) {
 	    goto loser;
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index fb7203d3e..bf1e74450 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1736,6 +1736,7 @@ done:
      * CERTCertificate, and finish
      */
     nssPKIObject_AddInstance(&c->object, certobj);
+    nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
     (void)STAN_ForceCERTCertificateUpdate(c);
     SECITEM_FreeItem(keyID,PR_TRUE);
     return SECSuccess;
diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
index 49c620f31..170c4f50a 100644
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@@ -506,6 +506,9 @@ static PRBool is_user_cert(NSSCertificate *c, CERTCertificate *cc)
     PRBool isUser = PR_FALSE;
     nssCryptokiObject **ip;
     nssCryptokiObject **instances = nssPKIObject_GetInstances(&c->object);
+    if (!instances) {
+	return PR_FALSE;
+    }
     for (ip = instances; *ip; ip++) {
 	nssCryptokiObject *instance = *ip;
 	if (PK11_IsUserCert(instance->token->pk11slot, cc, instance->handle)) {
diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c
index 8e575dc08..0adc08e06 100644
--- a/security/nss/lib/pki/tdcache.c
+++ b/security/nss/lib/pki/tdcache.c
@@ -823,7 +823,7 @@ add_cert_to_cache
 	}
 #endif
     }
-    nssCertificate_AddRef(cert);
+    rvCert = nssCertificate_AddRef(cert);
     PZ_Unlock(td->cache->lock);
     return rvCert;
 loser: