diff options
| author | nelson%bolyard.com <devnull@localhost> | 2009-12-01 06:28:11 +0000 |
|---|---|---|
| committer | nelson%bolyard.com <devnull@localhost> | 2009-12-01 06:28:11 +0000 |
| commit | 7a2af0bda16d42c862763552201afdd5822b05d1 (patch) | |
| tree | 63e9dfde0d3b81ccd9685a60e59684c3b378937d | |
| parent | 12069e5348caa56fd2a4ebce31b152408a6ffecf (diff) | |
| download | nss-hg-7a2af0bda16d42c862763552201afdd5822b05d1.tar.gz | |
Bug 524167: Don't crash if slot has null token pointer after entering
FIPS mode. r=rrelyea
| -rw-r--r-- | security/nss/lib/dev/devtoken.c | 18 | ||||
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 4 |
2 files changed, 22 insertions, 0 deletions
diff --git a/security/nss/lib/dev/devtoken.c b/security/nss/lib/dev/devtoken.c index f93fca36b..801a551c9 100644 --- a/security/nss/lib/dev/devtoken.c +++ b/security/nss/lib/dev/devtoken.c @@ -431,6 +431,13 @@ find_objects_by_template ( CK_OBJECT_CLASS objclass = (CK_OBJECT_CLASS)-1; nssCryptokiObject **objects = NULL; PRUint32 i; + + if (!token) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + if (statusOpt) + *statusOpt = PR_FAILURE; + return NULL; + } for (i=0; i<otsize; i++) { if (obj_template[i].type == CKA_CLASS) { objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue; @@ -491,6 +498,10 @@ nssToken_ImportCertificate ( nssTokenSearchType searchType; nssCryptokiObject *rvObject = NULL; + if (!tok) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + return NULL; + } if (certType == NSSCertificateType_PKIX) { cert_type = CKC_X_509; } else { @@ -842,6 +853,13 @@ nssToken_FindCertificateByIssuerAndSerialNumber ( nssCryptokiObject **objects; nssCryptokiObject *rvObject = NULL; NSS_CK_TEMPLATE_START(cert_template, attr, ctsize); + + if (!token) { + PORT_SetError(SEC_ERROR_NO_TOKEN); + if (statusOpt) + *statusOpt = PR_FAILURE; + return NULL; + } /* Set the search to token/session only if provided */ if (searchType == nssTokenSearchType_SessionOnly) { NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false); diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index 4aa094e7f..a51a604d9 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -854,6 +854,10 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, nssCertificateStoreTrace unlockTrace = {NULL, NULL, PR_FALSE, PR_FALSE}; if (keyID == NULL) { + goto loser; /* error code should be set already */ + } + if (!token) { + PORT_SetError(SEC_ERROR_NO_TOKEN); goto loser; } |