diff options
| author | nelsonb%netscape.com <devnull@localhost> | 2003-11-11 21:46:53 +0000 |
|---|---|---|
| committer | nelsonb%netscape.com <devnull@localhost> | 2003-11-11 21:46:53 +0000 |
| commit | 92b9482efebbdd1a8ad8f266cb7250116bc2ed19 (patch) | |
| tree | a3e9fc78097225b9983d6b38b7022df97932cb2d | |
| parent | 8888ca4a75182b19291a2637795dbd1c0d5dd08e (diff) | |
| download | nss-hg-92b9482efebbdd1a8ad8f266cb7250116bc2ed19.tar.gz | |
Eliminate some leaks in Stan cert code.
Partial fix to bugscape bug 53573.
| -rw-r--r-- | security/nss/lib/pki/certdecode.c | 2 | ||||
| -rw-r--r-- | security/nss/lib/pki/pki3hack.c | 85 |
2 files changed, 53 insertions, 34 deletions
diff --git a/security/nss/lib/pki/certdecode.c b/security/nss/lib/pki/certdecode.c index ccbffd842..39a8adea2 100644 --- a/security/nss/lib/pki/certdecode.c +++ b/security/nss/lib/pki/certdecode.c @@ -44,7 +44,7 @@ static const char CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$ $Name$"; #endif /* PKIM_H */ #ifdef NSS_3_4_CODE -/* This is defined in nss3hack.c */ +/* This is defined in pki3hack.c */ NSS_EXTERN nssDecodedCert * nssDecodedPKIXCertificate_Create ( NSSArena *arenaOpt, diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c index 7c91d5c41..f78ae7e26 100644 --- a/security/nss/lib/pki/pki3hack.c +++ b/security/nss/lib/pki/pki3hack.c @@ -412,28 +412,38 @@ nss3certificate_getDERSerialNumber(nssDecodedCert *dc, return PR_FAILURE; } +/* Returns NULL if "encoding" cannot be decoded. */ NSS_IMPLEMENT nssDecodedCert * nssDecodedPKIXCertificate_Create ( NSSArena *arenaOpt, NSSDER *encoding ) { - nssDecodedCert *rvDC; - SECItem secDER; - rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); - rvDC->type = NSSCertificateType_PKIX; + nssDecodedCert *rvDC = NULL; + CERTCertificate *cert; + SECItem secDER; + SECITEM_FROM_NSSITEM(&secDER, encoding); - rvDC->data = (void *)CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL); - rvDC->getIdentifier = nss3certificate_getIdentifier; - rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; - rvDC->matchIdentifier = nss3certificate_matchIdentifier; - rvDC->isValidIssuer = nss3certificate_isValidIssuer; - rvDC->getUsage = nss3certificate_getUsage; - rvDC->isValidAtTime = nss3certificate_isValidAtTime; - rvDC->isNewerThan = nss3certificate_isNewerThan; - rvDC->matchUsage = nss3certificate_matchUsage; - rvDC->getEmailAddress = nss3certificate_getEmailAddress; - rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; + cert = CERT_DecodeDERCertificate(&secDER, PR_TRUE, NULL); + if (cert) { + rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); + if (rvDC) { + rvDC->type = NSSCertificateType_PKIX; + rvDC->data = (void *)cert; + rvDC->getIdentifier = nss3certificate_getIdentifier; + rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; + rvDC->matchIdentifier = nss3certificate_matchIdentifier; + rvDC->isValidIssuer = nss3certificate_isValidIssuer; + rvDC->getUsage = nss3certificate_getUsage; + rvDC->isValidAtTime = nss3certificate_isValidAtTime; + rvDC->isNewerThan = nss3certificate_isNewerThan; + rvDC->matchUsage = nss3certificate_matchUsage; + rvDC->getEmailAddress = nss3certificate_getEmailAddress; + rvDC->getDERSerialNumber = nss3certificate_getDERSerialNumber; + } else { + CERT_DestroyCertificate(cert); + } + } return rvDC; } @@ -443,19 +453,20 @@ create_decoded_pkix_cert_from_nss3cert ( CERTCertificate *cc ) { - nssDecodedCert *rvDC; - rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); - rvDC->type = NSSCertificateType_PKIX; - rvDC->data = (void *)cc; - rvDC->getIdentifier = nss3certificate_getIdentifier; - rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; - rvDC->matchIdentifier = nss3certificate_matchIdentifier; - rvDC->isValidIssuer = nss3certificate_isValidIssuer; - rvDC->getUsage = nss3certificate_getUsage; - rvDC->isValidAtTime = nss3certificate_isValidAtTime; - rvDC->isNewerThan = nss3certificate_isNewerThan; - rvDC->matchUsage = nss3certificate_matchUsage; - rvDC->getEmailAddress = nss3certificate_getEmailAddress; + nssDecodedCert *rvDC = nss_ZNEW(arenaOpt, nssDecodedCert); + if (rvDC) { + rvDC->type = NSSCertificateType_PKIX; + rvDC->data = (void *)cc; + rvDC->getIdentifier = nss3certificate_getIdentifier; + rvDC->getIssuerIdentifier = nss3certificate_getIssuerIdentifier; + rvDC->matchIdentifier = nss3certificate_matchIdentifier; + rvDC->isValidIssuer = nss3certificate_isValidIssuer; + rvDC->getUsage = nss3certificate_getUsage; + rvDC->isValidAtTime = nss3certificate_isValidAtTime; + rvDC->isNewerThan = nss3certificate_isNewerThan; + rvDC->matchUsage = nss3certificate_matchUsage; + rvDC->getEmailAddress = nss3certificate_getEmailAddress; + } return rvDC; } @@ -716,16 +727,24 @@ fill_CERTCertificateFields(NSSCertificate *c, CERTCertificate *cc, PRBool forced static CERTCertificate * stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate) { - nssDecodedCert *dc; + nssDecodedCert *dc = c->decoding; CERTCertificate *cc; - if (!c->decoding) { + + if (!dc) { dc = nssDecodedPKIXCertificate_Create(NULL, &c->encoding); - if (!dc) return NULL; + if (!dc) + return NULL; + cc = (CERTCertificate *)dc->data; + PORT_Assert(cc); + if (!cc) { + nssDecodedPKIXCertificate_Destroy(dc); + return NULL; + } + PORT_Assert(!c->decoding); /* Feeble attempt at race detection. */ c->decoding = dc; - } else { - dc = c->decoding; } cc = (CERTCertificate *)dc->data; + PORT_Assert(cc); if (cc) { if (!cc->nssCertificate || forceUpdate) { fill_CERTCertificateFields(c, cc, forceUpdate); |