diff options
author | Robert Relyea <rrelyea@redhat.com> | 2014-06-04 12:42:10 -0700 |
---|---|---|
committer | Robert Relyea <rrelyea@redhat.com> | 2014-06-04 12:42:10 -0700 |
commit | 6408518b7dd3eb60601752d7d8b1fcc3be14deb5 (patch) | |
tree | d5458e5d0282169b93f261dc8a2769c6990873f5 /lib/pk11wrap/pk11cert.c | |
parent | fae3434e291d3bf1904ac6a0c577fcc3d0f7a46a (diff) | |
download | nss-hg-6408518b7dd3eb60601752d7d8b1fcc3be14deb5.tar.gz |
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
Diffstat (limited to 'lib/pk11wrap/pk11cert.c')
-rw-r--r-- | lib/pk11wrap/pk11cert.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c index 39168b96c..3f3edb119 100644 --- a/lib/pk11wrap/pk11cert.c +++ b/lib/pk11wrap/pk11cert.c @@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, * CERTCertificate, and finish */ nssPKIObject_AddInstance(&c->object, certobj); + /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and + * replace 'c' by a different value. So we add a reference to 'c' to + * prevent 'c' from being destroyed. */ + nssCertificate_AddRef(c); nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1); + /* XXX should we pass the original value of 'c' to + * STAN_ForceCERTCertificateUpdate? */ (void)STAN_ForceCERTCertificateUpdate(c); + nssCertificate_Destroy(c); SECITEM_FreeItem(keyID,PR_TRUE); return SECSuccess; loser: |