1 files changed, 15 insertions, 11 deletions

diff --git a/lib/pki/trustdomain.c b/lib/pki/trustdomain.c
index 151b88875..84428a1bf 100644
--- a/lib/pki/trustdomain.c
+++ b/lib/pki/trustdomain.c
@@ -11,6 +11,7 @@
 #endif /* PKIM_H */
 
 #include "cert.h"
+#include "dev3hack.h"
 #include "pki3hack.h"
 #include "pk11pub.h"
 #include "nssrwlk.h"
@@ -61,11 +62,14 @@ static void
 token_destructor(void *t)
 {
     NSSToken *tok = (NSSToken *)t;
-    /* The token holds the first/last reference to the slot.
-     * When the token is actually destroyed (ref count == 0),
-     * the slot will also be destroyed.
-     */
-    nssToken_Destroy(tok);
+    /* Remove the token list's reference to the token */
+    (void)nssToken_Destroy(tok);
+
+    /* Signal that the slot should not give out any more references to the
+     * token. The token might still have a positive refcount after this call.
+     * The token has a reference to the slot, so the slot will not be destroyed
+     * until after the token's refcount drops to 0. */
+    PK11Slot_SetNSSToken(tok->pk11slot, NULL);
 }
 
 NSS_IMPLEMENT PRStatus
@@ -469,7 +473,7 @@ nssTrustDomain_FindCertificatesByNickname(
                                                                 numRemaining,
                                                                 &status);
             }
-            nssToken_Destroy(token);
+            (void)nssToken_Destroy(token);
             if (status != PR_SUCCESS) {
                 errors++;
                 continue;
@@ -618,7 +622,7 @@ nssTrustDomain_FindCertificatesBySubject(
                                                                numRemaining,
                                                                &status);
             }
-            nssToken_Destroy(token);
+            (void)nssToken_Destroy(token);
             if (status != PR_SUCCESS) {
                 errors++;
                 continue;
@@ -779,7 +783,7 @@ nssTrustDomain_FindCertificateByIssuerAndSerialNumber(
                     tokenOnly,
                     &status);
             }
-            nssToken_Destroy(token);
+            (void)nssToken_Destroy(token);
             if (status != PR_SUCCESS) {
                 continue;
             }
@@ -1022,7 +1026,7 @@ NSSTrustDomain_TraverseCertificates(
                                                     collector,
                                                     collection);
             }
-            nssToken_Destroy(token);
+            (void)nssToken_Destroy(token);
         }
     }
 
@@ -1076,7 +1080,7 @@ nssTrustDomain_FindTrustForCertificate(
                     nssCryptokiObject_Destroy(to);
                 }
             }
-            nssToken_Destroy(token);
+            (void)nssToken_Destroy(token);
         }
     }
     if (pkio) {
@@ -1126,7 +1130,7 @@ nssTrustDomain_FindCRLsBySubject(
                 instances = nssToken_FindCRLsBySubject(token, session, subject,
                                                        tokenOnly, 0, &status);
             }
-            nssToken_Destroy(token);
+            (void)nssToken_Destroy(token);
             if (status == PR_SUCCESS) {
                 /* add the found CRL's to the collection */
                 status = nssPKIObjectCollection_AddInstances(collection,