diff options
author | nelsonb%netscape.com <devnull@localhost> | 2001-03-31 02:49:59 +0000 |
---|---|---|
committer | nelsonb%netscape.com <devnull@localhost> | 2001-03-31 02:49:59 +0000 |
commit | 987585c03189085af86c3263c7aca6394018f424 (patch) | |
tree | c02fd13d1599377687bd5f9b095b7dfc1a3b383b | |
parent | 55d91ebe35044899ee25aee68536c1417b19001b (diff) | |
download | nss-hg-987585c03189085af86c3263c7aca6394018f424.tar.gz |
Fix a couple of memory leaks that occur in rare error paths.
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 35 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslsecur.c | 10 |
2 files changed, 21 insertions, 24 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index f264ff532..d4fec698c 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -3898,8 +3898,8 @@ loser: static SECStatus ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) { - PRArenaPool * arena; - SECKEYPublicKey *peerKey; + PRArenaPool * arena = NULL; + SECKEYPublicKey *peerKey = NULL; PRBool isTLS; SECStatus rv; int errCode = SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH; @@ -3981,8 +3981,9 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) goto no_memory; } - ss->sec->peerKey = peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); + peerKey = PORT_ArenaZNew(arena, SECKEYPublicKey); if (peerKey == NULL) { + PORT_FreeArena(arena, PR_FALSE); goto no_memory; } @@ -3990,26 +3991,16 @@ ssl3_HandleServerKeyExchange(sslSocket *ss, SSL3Opaque *b, PRUint32 length) peerKey->keyType = rsaKey; peerKey->pkcs11Slot = NULL; peerKey->pkcs11ID = CK_INVALID_KEY; - peerKey->u.rsa.modulus.data = - (unsigned char*)PORT_ArenaAlloc(arena, modulus.len); - if (peerKey->u.rsa.modulus.data == NULL) + if (SECITEM_CopyItem(arena, &peerKey->u.rsa.modulus, &modulus) || + SECITEM_CopyItem(arena, &peerKey->u.rsa.publicExponent, &exponent)) + { + PORT_FreeArena(arena, PR_FALSE); goto no_memory; - - PORT_Memcpy(peerKey->u.rsa.modulus.data, modulus.data, modulus.len); - peerKey->u.rsa.modulus.len = modulus.len; - - peerKey->u.rsa.publicExponent.data = - (unsigned char*)PORT_ArenaAlloc(arena, exponent.len); - if (peerKey->u.rsa.publicExponent.data == NULL) - goto no_memory; - - PORT_Memcpy(peerKey->u.rsa.publicExponent.data, - exponent.data, exponent.len); - peerKey->u.rsa.publicExponent.len = exponent.len; - - PORT_Free(modulus.data); - PORT_Free(exponent.data); - PORT_Free(signature.data); + } + ss->sec->peerKey = peerKey; + SECITEM_FreeItem(&modulus, PR_FALSE); + SECITEM_FreeItem(&exponent, PR_FALSE); + SECITEM_FreeItem(&signature, PR_FALSE); ss->ssl3->hs.ws = wait_cert_request; return SECSuccess; diff --git a/security/nss/lib/ssl/sslsecur.c b/security/nss/lib/ssl/sslsecur.c index f2011292f..676f7ebf4 100644 --- a/security/nss/lib/ssl/sslsecur.c +++ b/security/nss/lib/ssl/sslsecur.c @@ -870,8 +870,14 @@ ssl_DestroySecurityInfo(sslSecurityInfo *sec) PORT_ZFree(sec->writeBuf.buf, sec->writeBuf.space); sec->writeBuf.buf = 0; - CERT_DestroyCertificate(sec->peerCert); - sec->peerCert = NULL; + if (sec->peerCert) { + CERT_DestroyCertificate(sec->peerCert); + sec->peerCert = NULL; + } + if (sec->peerKey) { + SECKEY_DestroyPublicKey(sec->peerKey); + sec->peerKey = NULL; + } PORT_ZFree(sec->ci.sendBuf.buf, sec->ci.sendBuf.space); if (sec->ci.sid != NULL) { |