diff options
author | kaie%netscape.com <devnull@localhost> | 2001-09-12 16:17:01 +0000 |
---|---|---|
committer | kaie%netscape.com <devnull@localhost> | 2001-09-12 16:17:01 +0000 |
commit | 56d5d290048a6bd60fad2ac8cd54c5e19a566084 (patch) | |
tree | d9de0589488720620f65ff985fa388444d030834 | |
parent | 6a923669b9f5e85a0831ca73ff975b009eabb7a9 (diff) | |
download | nss-hg-56d5d290048a6bd60fad2ac8cd54c5e19a566084.tar.gz |
b=99052 r=nelsonb a=asa on irc
Fix crash in NSS during SSL handshake
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 49 |
1 files changed, 35 insertions, 14 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index 807c0a9e0..ef5d49270 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -1556,20 +1556,41 @@ loser: CERTCertList * CERT_GetCertChainFromCert(CERTCertificate *cert, int64 time, SECCertUsage usage) { - CERTCertList *chain; - - if (cert != NULL) { - chain = CERT_NewCertList(); - cert = CERT_DupCertificate(cert); - while (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) - != SECEqual) { - CERT_AddCertToListTail(chain, cert); - cert = CERT_FindCertIssuer(cert, time, usage); - } - CERT_AddCertToListTail(chain, cert); - return chain; + CERTCertList *chain = NULL; + + if (NULL == cert) { + return NULL; + } + + cert = CERT_DupCertificate(cert); + if (NULL == cert) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return NULL; + } + + chain = CERT_NewCertList(); + if (NULL == chain) { + PORT_SetError(SEC_ERROR_NO_MEMORY); + return NULL; } - return NULL; -} + while (cert != NULL) { + if (SECSuccess != CERT_AddCertToListTail(chain, cert)) { + /* return partial chain */ + PORT_SetError(SEC_ERROR_NO_MEMORY); + return chain; + } + if (SECITEM_CompareItem(&cert->derIssuer, &cert->derSubject) + == SECEqual) { + /* return complete chain */ + return chain; + } + + cert = CERT_FindCertIssuer(cert, time, usage); + } + + /* return partial chain */ + PORT_SetError(SEC_ERROR_UNKNOWN_ISSUER); + return chain; +} |