bug 338058, Upgrade to NSS 3.11.2 second pre-release

r=wtchang, a=wtchang

12 files changed, 34 insertions, 50 deletions

diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
index 7cd308c0a..0c30f3a26 100644
--- a/security/nss/lib/certdb/crl.c
+++ b/security/nss/lib/certdb/crl.c
@@ -2784,6 +2784,8 @@ SECStatus CERT_UncacheCRL(CERTCertDBHandle* dbhandle, SECItem* olddercrl)
             }
             
             DPCache_UnlockWrite();
+
+            rv = CachedCrl_Destroy(returned);
         }
 
         ReleaseDPCache(cache, writeLocked);
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
index ae5c15a11..ea04bb075 100644
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@@ -819,18 +819,13 @@ certdb_SaveSingleProfile(CERTCertificate *cert, const char *emailAddr,
 		NSSItem profTime, profData;
 		NSSItem *pprofTime, *pprofData;
 		NSSITEM_FROM_SECITEM(&subject, &cert->derSubject);
-		if (profileTime) {
-		    NSSITEM_FROM_SECITEM(&profTime, profileTime);
-		    pprofTime = &profTime;
-		} else {
-		    pprofTime = NULL;
-		}
-		if (emailProfile) {
-		    NSSITEM_FROM_SECITEM(&profData, emailProfile);
-		    pprofData = &profData;
-		} else {
-		    pprofData = NULL;
-		}
+
+		NSSITEM_FROM_SECITEM(&profTime, profileTime);
+		pprofTime = &profTime;
+
+		NSSITEM_FROM_SECITEM(&profData, emailProfile);
+		pprofData = &profData;
+
 		stanProfile = nssSMIMEProfile_Create(c, pprofTime, pprofData);
 		if (!stanProfile) goto loser;
 		nssrv = nssCryptoContext_ImportSMIMEProfile(cc, stanProfile);
diff --git a/security/nss/lib/certdb/xauthkid.c b/security/nss/lib/certdb/xauthkid.c
index 8d9df2123..8fb5a0122 100644
--- a/security/nss/lib/certdb/xauthkid.c
+++ b/security/nss/lib/certdb/xauthkid.c
@@ -119,10 +119,10 @@ CERT_DecodeAuthKeyID (PRArenaPool *arena, SECItem *encodedValue)
    
     do {
 	mark = PORT_ArenaMark (arena);
-        value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
-	value->DERAuthCertIssuer = NULL;
+	value = (CERTAuthKeyID*)PORT_ArenaZAlloc (arena, sizeof (*value));
 	if (value == NULL)
 	    break;
+	value->DERAuthCertIssuer = NULL;
         /* copy the DER into the arena, since Quick DER returns data that points
            into the DER input, which may get freed by the caller */
         rv = SECITEM_CopyItem(arena, &newEncodedValue, encodedValue);
diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
index c271c1866..12a059c76 100644
--- a/security/nss/lib/certhigh/ocsp.c
+++ b/security/nss/lib/certhigh/ocsp.c
@@ -1755,6 +1755,8 @@ ocsp_ParseURL(char *url, char **pHostname, PRUint16 *pPort, char **pPath)
 	path[len] = '\0';
     } else {
 	path = PORT_Strdup("/");
+	if (path == NULL)
+	    goto loser;
     }
 
     *pHostname = hostname;
@@ -1765,8 +1767,6 @@ ocsp_ParseURL(char *url, char **pHostname, PRUint16 *pPort, char **pPath)
 loser:
     if (hostname != NULL)
 	PORT_Free(hostname);
-    if (path != NULL)
-	PORT_Free(path);
     PORT_SetError(SEC_ERROR_CERT_BAD_ACCESS_LOCATION);
     return SECFailure;
 }
@@ -3764,8 +3764,6 @@ ocsp_InitStatusChecking(CERTCertDBHandle *handle)
     return SECSuccess;
 
 loser:
-    if (statusContext != NULL)
-	PORT_Free(statusContext);
     if (statusConfig != NULL)
 	PORT_Free(statusConfig);
     return SECFailure;
diff --git a/security/nss/lib/crmf/servget.c b/security/nss/lib/crmf/servget.c
index 165ce5924..85be9e556 100644
--- a/security/nss/lib/crmf/servget.c
+++ b/security/nss/lib/crmf/servget.c
@@ -409,7 +409,7 @@ crmf_copy_poposigningkey(PRArenaPool        *poolp,
     }
     return SECSuccess;
  loser:
-    if (destPopoSignKey && poolp == NULL) {
+    if (poolp == NULL) {
         CRMF_DestroyPOPOSigningKey(destPopoSignKey);
     }
     return SECFailure;
@@ -440,13 +440,10 @@ crmf_copy_popoprivkey(PRArenaPool     *poolp,
         rv = SECFailure;
     }
 
-    if (rv != SECSuccess) {
-        if (destPrivKey && poolp == NULL) {
-	    CRMF_DestroyPOPOPrivKey(destPrivKey);
-	}
-	return SECFailure;
+    if (rv != SECSuccess && poolp == NULL) {
+        CRMF_DestroyPOPOPrivKey(destPrivKey);
     }
-    return SECSuccess;
+    return rv;
 }
 
 static CRMFProofOfPossession*
@@ -510,10 +507,11 @@ crmf_copy_cert_req_msg(CRMFCertReqMsg *srcReqMsg)
         return NULL;
     }
     newReqMsg = PORT_ArenaZNew(poolp, CRMFCertReqMsg);
-    newReqMsg->poolp = poolp;
     if (newReqMsg == NULL) {
         goto loser;
     }
+
+    newReqMsg->poolp = poolp;
     newReqMsg->certReq = crmf_copy_cert_request(poolp, srcReqMsg->certReq);
     if (newReqMsg->certReq == NULL) {
         goto loser;
diff --git a/security/nss/lib/pk11wrap/pk11akey.c b/security/nss/lib/pk11wrap/pk11akey.c
index f63ff3b9f..9692d971f 100644
--- a/security/nss/lib/pk11wrap/pk11akey.c
+++ b/security/nss/lib/pk11wrap/pk11akey.c
@@ -1719,6 +1719,9 @@ pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg)
     SECStatus rv = SECSuccess;
     SECKEYPrivateKey *privKey;
     pk11KeyCallback *keycb = (pk11KeyCallback *) arg;
+    if (!arg) {
+        return SECFailure;
+    }
 
     privKey = PK11_MakePrivKey(slot,nullKey,PR_TRUE,keyHandle,keycb->wincx);
 
@@ -1726,7 +1729,7 @@ pk11_DoKeys(PK11SlotInfo *slot, CK_OBJECT_HANDLE keyHandle, void *arg)
 	return SECFailure;
     }
 
-    if (keycb && (keycb->callback)) {
+    if (keycb->callback) {
 	rv = (*keycb->callback)(privKey,keycb->callbackArg);
     }
 
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
index f4d6c9895..9d47fa9ef 100644
--- a/security/nss/lib/pk11wrap/pk11cert.c
+++ b/security/nss/lib/pk11wrap/pk11cert.c
@@ -1339,7 +1339,6 @@ pk11_AllFindCertObjectByRecipient(PK11SlotInfo **slotPtr,
     /* get them all! */
     list = PK11_GetAllTokens(CKM_INVALID_MECHANISM,PR_FALSE,PR_TRUE,wincx);
     if (list == NULL) {
-	if (list) PK11_FreeSlotList(list);
     	return CK_INVALID_HANDLE;
     }
 
diff --git a/security/nss/lib/pk11wrap/pk11pk12.c b/security/nss/lib/pk11wrap/pk11pk12.c
index 35a4cbc07..9c8afdf4e 100644
--- a/security/nss/lib/pk11wrap/pk11pk12.c
+++ b/security/nss/lib/pk11wrap/pk11pk12.c
@@ -250,7 +250,13 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
     SECStatus rv = SECFailure;
 
     temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+    if (!temparena)
+        return rv;
     pki = PORT_ArenaZNew(temparena, SECKEYPrivateKeyInfo);
+    if (!pki) {
+        PORT_FreeArena(temparena, PR_FALSE);
+        return rv;
+    }
     pki->arena = temparena;
 
     rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
@@ -263,10 +269,8 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI,
 		publicValue, isPerm, isPrivate, keyUsage, privk, wincx);
 
 finish:
-    if( pki != NULL ) {
-	/* this zeroes the key and frees the arena */
-	SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
-    }
+    /* this zeroes the key and frees the arena */
+    SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
     return rv;
 }
         
diff --git a/security/nss/lib/softoken/dbmshim.c b/security/nss/lib/softoken/dbmshim.c
index 04c291d7f..f75f4d70d 100644
--- a/security/nss/lib/softoken/dbmshim.c
+++ b/security/nss/lib/softoken/dbmshim.c
@@ -406,14 +406,6 @@ dbs_readBlob(DBS *dbsp, DBT *data)
 loser:
     /* preserve the error code */
     error = PR_GetError();
-    if (addr) {
-	if (mapfile) {
-	    PORT_Assert(len != -1);
-	    PR_MemUnmap(addr,len);
-	} else {
-	    PORT_Free(addr);
-	}
-    }
     if (mapfile) {
 	PR_CloseFileMap(mapfile);
     }
diff --git a/security/nss/lib/softoken/keydb.c b/security/nss/lib/softoken/keydb.c
index 5dca43f40..cd3d61886 100644
--- a/security/nss/lib/softoken/keydb.c
+++ b/security/nss/lib/softoken/keydb.c
@@ -713,7 +713,6 @@ nsslowkey_UpdateKeyDBPass1(NSSLOWKEYDBHandle *handle)
     DBT key;
     DBT data;
     unsigned char version;
-    SECItem *rc4key = NULL;
     NSSLOWKEYDBKey *dbkey = NULL;
     NSSLOWKEYDBHandle *update = NULL;
     SECItem *oldSalt = NULL;
@@ -882,10 +881,6 @@ done:
 
     nsslowkey_CloseKeyDB(update);
     
-    if ( rc4key ) {
-	SECITEM_FreeItem(rc4key, PR_TRUE);
-    }
-    
     if ( oldSalt ) {
 	SECITEM_FreeItem(oldSalt, PR_TRUE);
     }
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 217060b95..586086f27 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -8019,9 +8019,9 @@ process_it:
     case content_handshake:
 	rv = ssl3_HandleHandshake(ss, databuf);
 	break;
-    case content_application_data:
-	rv = SECSuccess;
-	break;
+    /*
+    case content_application_data is handled before this switch
+    */
     default:
 	SSL_DBG(("%d: SSL3[%d]: bogus content type=%d",
 		 SSL_GETPID(), ss->fd, cText->type));
diff --git a/security/nss/lib/ssl/sslproto.h b/security/nss/lib/ssl/sslproto.h
index f96bb8da3..f94359cb4 100644
--- a/security/nss/lib/ssl/sslproto.h
+++ b/security/nss/lib/ssl/sslproto.h
@@ -165,7 +165,6 @@
 #define TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA  0x0065
 #define TLS_DHE_DSS_WITH_RC4_128_SHA            0x0066
 
-#ifdef NSS_ENABLE_ECC
 #define TLS_ECDH_ECDSA_WITH_NULL_SHA            0xC001
 #define TLS_ECDH_ECDSA_WITH_RC4_128_SHA         0xC002
 #define TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC003
@@ -195,7 +194,6 @@
 #define TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA     0xC017
 #define TLS_ECDH_anon_WITH_AES_128_CBC_SHA      0xC018
 #define TLS_ECDH_anon_WITH_AES_256_CBC_SHA      0xC019
-#endif /* NSS_ENABLE_ECC */
 
 /* Netscape "experimental" cipher suites. */
 #define SSL_RSA_OLDFIPS_WITH_3DES_EDE_CBC_SHA	0xffe0