diff options
author | relyea%netscape.com <devnull@localhost> | 2002-08-29 22:19:46 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2002-08-29 22:19:46 +0000 |
commit | c97893ae636536c70144f072a544aefb301c9cef (patch) | |
tree | 79cb20bedd44e76198c5989ac7fcb4fc77b04730 /security/nss | |
parent | ed3c5f5fee6dd91ace0dd18448087ab594df465a (diff) | |
download | nss-hg-c97893ae636536c70144f072a544aefb301c9cef.tar.gz |
When looking for a recipient match, reject non-user certs.
Diffstat (limited to 'security/nss')
-rw-r--r-- | security/nss/lib/pk11wrap/pk11cert.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c index e768dc9b4..72866d55b 100644 --- a/security/nss/lib/pk11wrap/pk11cert.c +++ b/security/nss/lib/pk11wrap/pk11cert.c @@ -2115,6 +2115,12 @@ pk11_FindCertObjectByRecipientNew(PK11SlotInfo *slot, NSSCMSRecipient **recipien continue; cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->id.issuerAndSN, pwarg); + /* this isn't our cert */ + if ((cert->trust == NULL) || + ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) { + CERT_DestroyCertificate(cert); + continue; + } if (cert) { ri->slot = PK11_ReferenceSlot(slot); *rlIndex = i; @@ -2182,6 +2188,11 @@ pk11_FindCertObjectByRecipient(PK11SlotInfo *slot, cert = PK11_FindCertByIssuerAndSNOnToken(slot, ri->issuerAndSN, pwarg); + if ((cert->trust == NULL) || + ((cert->trust->emailFlags & CERTDB_USER) != CERTDB_USER)) { + CERT_DestroyCertificate(cert); + continue; + } if (cert) { *rip = ri; return cert; |