summaryrefslogtreecommitdiff
path: root/security/nss
diff options
context:
space:
mode:
authornelsonb%netscape.com <devnull@localhost>2003-11-27 05:06:20 +0000
committernelsonb%netscape.com <devnull@localhost>2003-11-27 05:06:20 +0000
commitd470467a53cd099ddb43b9772e422eb0766249a9 (patch)
tree4ca1e3c8c93abfaa6bcfeed4bfadf54868ca9505 /security/nss
parent1e0bbb8721624b21f044fbd03b5dd3380b979ae8 (diff)
downloadnss-hg-d470467a53cd099ddb43b9772e422eb0766249a9.tar.gz
Fix leak in CERT_FindSubjectKeyIDExtension, and use the Quick DER
decoder. Bugscape bug 54021. r=jpierre
Diffstat (limited to 'security/nss')
-rw-r--r--security/nss/lib/certdb/certv3.c25
1 files changed, 16 insertions, 9 deletions
diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c
index e50c66279..7952a0534 100644
--- a/security/nss/lib/certdb/certv3.c
+++ b/security/nss/lib/certdb/certv3.c
@@ -294,19 +294,26 @@ SECStatus
CERT_FindSubjectKeyIDExtension(CERTCertificate *cert, SECItem *retItem)
{
- SECItem encodedValue;
SECStatus rv;
+ SECItem encodedValue = {siBuffer, NULL, 0 };
+ SECItem decodedValue = {siBuffer, NULL, 0 };
- encodedValue.data = NULL;
rv = cert_FindExtension
(cert->extensions, SEC_OID_X509_SUBJECT_KEY_ID, &encodedValue);
- if (rv != SECSuccess)
- return (rv);
- rv = SEC_ASN1DecodeItem (NULL, retItem, SEC_OctetStringTemplate,
- &encodedValue);
- PORT_Free (encodedValue.data);
-
- return (rv);
+ if (rv == SECSuccess) {
+ PLArenaPool * tmpArena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (tmpArena) {
+ rv = SEC_QuickDERDecodeItem(tmpArena, &decodedValue,
+ SEC_OctetStringTemplate,
+ &encodedValue);
+ if (rv == SECSuccess) {
+ rv = SECITEM_CopyItem(NULL, retItem, &decodedValue);
+ }
+ PORT_FreeArena(tmpArena, PR_FALSE);
+ }
+ }
+ SECITEM_FreeItem(&encodedValue, PR_FALSE);
+ return rv;
}
SECStatus
View Lorry Controller Status