diff options
author | David Keeler <dkeeler@mozilla.com> | 2015-08-25 16:50:51 -0700 |
---|---|---|
committer | David Keeler <dkeeler@mozilla.com> | 2015-08-25 16:50:51 -0700 |
commit | 5c96c348e1d996980f4513b4abfd1123c7019016 (patch) | |
tree | cd6b879f81f7bf96bb20248b2c0227cfde2bf60c /lib | |
parent | 4a924c2995dcd8bb8961c1a91df019ebdd61e301 (diff) | |
download | nss-hg-5c96c348e1d996980f4513b4abfd1123c7019016.tar.gz |
Bug 1185033: Free the arena rather than destroying the
SECKEYPrivateKeyInfo if ASN.1 decoding fails. r=wtc,rrelyea
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pk11wrap/pk11pk12.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lib/pk11wrap/pk11pk12.c b/lib/pk11wrap/pk11pk12.c index 2152a41e7..e5a0a21cf 100644 --- a/lib/pk11wrap/pk11pk12.c +++ b/lib/pk11wrap/pk11pk12.c @@ -234,13 +234,17 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot, SECItem *derPKI, rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate, derPKI); if( rv != SECSuccess ) { - goto finish; + /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the + * validity of the data in pki. The best we can do is free the arena + * and return. + */ + PORT_FreeArena(temparena, PR_TRUE); + return rv; } rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname, publicValue, isPerm, isPrivate, keyUsage, privk, wincx); -finish: /* this zeroes the key and frees the arena */ SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/); return rv; |