Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls

to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
author: Robert Relyea <rrelyea@redhat.com> 2014-06-04 12:42:10 -0700
committer: Robert Relyea <rrelyea@redhat.com> 2014-06-04 12:42:10 -0700
commit: 6408518b7dd3eb60601752d7d8b1fcc3be14deb5 (patch)
tree: d5458e5d0282169b93f261dc8a2769c6990873f5 /lib/pk11wrap/pk11cert.c
parent: fae3434e291d3bf1904ac6a0c577fcc3d0f7a46a (diff)
download: nss-hg-6408518b7dd3eb60601752d7d8b1fcc3be14deb5.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
index 39168b96c..3f3edb119 100644
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -981,8 +981,15 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
      * CERTCertificate, and finish
      */
     nssPKIObject_AddInstance(&c->object, certobj);
+    /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
+     * replace 'c' by a different value. So we add a reference to 'c' to
+     * prevent 'c' from being destroyed. */
+    nssCertificate_AddRef(c);
     nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
+    /* XXX should we pass the original value of 'c' to
+     * STAN_ForceCERTCertificateUpdate? */
     (void)STAN_ForceCERTCertificateUpdate(c);
+    nssCertificate_Destroy(c);
     SECITEM_FreeItem(keyID,PR_TRUE);
     return SECSuccess;
 loser:
author	Robert Relyea <rrelyea@redhat.com>	2014-06-04 12:42:10 -0700
committer	Robert Relyea <rrelyea@redhat.com>	2014-06-04 12:42:10 -0700
commit	6408518b7dd3eb60601752d7d8b1fcc3be14deb5 (patch)
tree	d5458e5d0282169b93f261dc8a2769c6990873f5 /lib/pk11wrap/pk11cert.c
parent	fae3434e291d3bf1904ac6a0c577fcc3d0f7a46a (diff)
download	nss-hg-6408518b7dd3eb60601752d7d8b1fcc3be14deb5.tar.gz