diff options
Diffstat (limited to 'lib/pki/pki3hack.c')
-rw-r--r-- | lib/pki/pki3hack.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/lib/pki/pki3hack.c b/lib/pki/pki3hack.c index 7fe9113e4..5556cd176 100644 --- a/lib/pki/pki3hack.c +++ b/lib/pki/pki3hack.c @@ -72,12 +72,16 @@ STAN_InitTokenForSlotInfo(NSSTrustDomain *td, PK11SlotInfo *slot) } } token = nssToken_CreateFromPK11SlotInfo(td, slot); - PK11Slot_SetNSSToken(slot, token); - /* Don't add nonexistent token to TD's token list */ if (token) { + /* PK11Slot_SetNSSToken increments the refcount on |token| to 2 */ + PK11Slot_SetNSSToken(slot, token); + + /* we give our reference to |td->tokenList| */ NSSRWLock_LockWrite(td->tokensLock); nssList_Add(td->tokenList, token); NSSRWLock_UnlockWrite(td->tokensLock); + } else { + PK11Slot_SetNSSToken(slot, NULL); } return PR_SUCCESS; } @@ -188,7 +192,8 @@ STAN_RemoveModuleFromDefaultTrustDomain( nssList_Remove(td->tokenList, token); NSSRWLock_UnlockWrite(td->tokensLock); PK11Slot_SetNSSToken(module->slots[i], NULL); - nssToken_Destroy(token); + (void)nssToken_Destroy(token); /* for the |td->tokenList| reference */ + (void)nssToken_Destroy(token); /* for our PK11Slot_GetNSSToken reference */ } } NSSRWLock_LockWrite(td->tokensLock); @@ -1076,7 +1081,11 @@ STAN_GetNSSCertificate(CERTCertificate *cc) nssArena_Destroy(arena); return NULL; } - instance->token = nssToken_AddRef(PK11Slot_GetNSSToken(cc->slot)); + instance->token = PK11Slot_GetNSSToken(cc->slot); + if (!instance->token) { + nssArena_Destroy(arena); + return NULL; + } instance->handle = cc->pkcs11ID; instance->isTokenObject = PR_TRUE; if (cc->nickname) { @@ -1269,6 +1278,10 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) NSSASCII7 *email = c->email; tok = PK11Slot_GetNSSToken(slot); PK11_FreeSlot(slot); + if (!tok) { + nssrv = PR_FAILURE; + goto done; + } newInstance = nssToken_ImportCertificate(tok, NULL, NSSCertificateType_PKIX, @@ -1283,6 +1296,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) nss_ZFreeIf(nickname); nickname = NULL; if (!newInstance) { + (void)nssToken_Destroy(tok); nssrv = PR_FAILURE; goto done; } @@ -1294,6 +1308,7 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust) nssTrust->codeSigning, nssTrust->emailProtection, nssTrust->stepUpApproved, PR_TRUE); + (void)nssToken_Destroy(tok); } if (newInstance) { nssCryptokiObject_Destroy(newInstance); |