diff options
Diffstat (limited to 'security/nss/lib/libpkix')
8 files changed, 40 insertions, 9 deletions
diff --git a/security/nss/lib/libpkix/include/pkix_errorstrings.h b/security/nss/lib/libpkix/include/pkix_errorstrings.h index db635514d..9e7a1744f 100755 --- a/security/nss/lib/libpkix/include/pkix_errorstrings.h +++ b/security/nss/lib/libpkix/include/pkix_errorstrings.h @@ -55,7 +55,7 @@ PKIX_ERRORENTRY(AIAMGRGETLDAPCERTSFAILED,pkix_pl_AIAMgr_GetLDAPCerts failed,0), PKIX_ERRORENTRY(ALGORITHMBYTESLENGTH0,Algorithm bytes length is 0,0), PKIX_ERRORENTRY(ALLOCATENEWCERTGENERALNAMEFAILED,Allocate new CERTGeneralName failed,0), PKIX_ERRORENTRY(AMBIGUOUSPARENTAGEOFVERIFYNODE,Ambiguous parentage of VerifyNode,0), -PKIX_ERRORENTRY(ANCHORDIDNOTCHAINTOCERT,Anchor did not chain to Cert,0), +PKIX_ERRORENTRY(ANCHORDIDNOTCHAINTOCERT,Anchor did not chain to Cert,SEC_ERROR_UNKNOWN_ISSUER), PKIX_ERRORENTRY(ANCHORDIDNOTPASSCERTSELECTORCRITERIA,Anchor did not pass CertSelector criteria,0), PKIX_ERRORENTRY(APPENDLISTFAILED,pkix_pl_AppendList failed,0), PKIX_ERRORENTRY(ARGUMENTNOTSTRING,Argument is not a String,0), diff --git a/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c b/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c index d1bc7c290..9c6dccc93 100755 --- a/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c +++ b/security/nss/lib/libpkix/pkix/results/pkix_verifynode.c @@ -81,7 +81,6 @@ pkix_VerifyNode_Create( PKIX_VerifyNode *node = NULL; PKIX_ENTER(VERIFYNODE, "pkix_VerifyNode_Create"); - PKIX_NULLCHECK_TWO(cert, pObject); PKIX_CHECK(PKIX_PL_Object_Alloc diff --git a/security/nss/lib/libpkix/pkix/top/pkix_build.c b/security/nss/lib/libpkix/pkix/top/pkix_build.c index 2394902e2..e51bee97e 100755 --- a/security/nss/lib/libpkix/pkix/top/pkix_build.c +++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c @@ -3211,6 +3211,26 @@ cleanup: } fatal: + if (state->parentState) { + /* parentState in "state" object should be NULL at this point. + * If itn't, that means that we got fatal error(we have jumped to + * "fatal" label) and we should destroy all state except the top one. */ + while (state->parentState) { + PKIX_Error *error = NULL; + PKIX_ForwardBuilderState *prntState = state->parentState; + /* Dumb: need to increment parentState to avoid destruction + * of "build constants"(they get destroyed when parentState is + * set to NULL. But later, need to decref to return to the + * previous status. */ + PKIX_INCREF(prntState); + error = PKIX_PL_Object_DecRef((PKIX_PL_Object*)state, plContext); + if (error) { + PKIX_PL_Object_DecRef((PKIX_PL_Object*)error, plContext); + } + PKIX_DECREF(prntState); + state = prntState; + } + } PKIX_DECREF(parentState); PKIX_DECREF(childState); PKIX_DECREF(valResult); diff --git a/security/nss/lib/libpkix/pkix/util/pkix_list.c b/security/nss/lib/libpkix/pkix/util/pkix_list.c index 55c2d3f90..541f0fc1f 100755 --- a/security/nss/lib/libpkix/pkix/util/pkix_list.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_list.c @@ -1277,9 +1277,10 @@ pkix_List_BubbleSort( } *pSortedList = sortedList; - + sortedList = NULL; cleanup: + PKIX_DECREF(sortedList); PKIX_DECREF(leastObj); PKIX_DECREF(cmpObj); diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.c b/security/nss/lib/libpkix/pkix/util/pkix_tools.c index 15122e5f6..36775dee9 100755 --- a/security/nss/lib/libpkix/pkix/util/pkix_tools.c +++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.c @@ -1540,6 +1540,7 @@ pkix_CheckForGeneratedError(PKIX_StdVars * stdVars, while(fnStackNameArr[pos]) { strLen += PORT_Strlen(fnStackNameArr[pos++]) + 1; } + strLen += 1; /* end of line. */ pos = 0; errorFnStackString = PORT_ZAlloc(strLen); while(fnStackNameArr[pos]) { diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c index eb0497d7c..4b2fa9189 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_aiamgr.c @@ -697,6 +697,7 @@ cleanup: PKIX_DECREF(aiaMgr->client.ldapClient); } + PKIX_DECREF(certs); PKIX_DECREF(ia); PKIX_RETURN(AIAMGR); diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c index 8f259fadf..4089ebb85 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_cert.c @@ -304,6 +304,7 @@ pkix_pl_Cert_DecodePolicyInfo( PKIX_LISTSETIMMUTABLEFAILED); *pCertPolicyInfos = infos; + infos = NULL; cleanup: if (certPol) { @@ -312,16 +313,14 @@ cleanup: CERT_DestroyCertificatePoliciesExtension(certPol); } - if (PKIX_ERROR_RECEIVED){ - PKIX_DECREF(infos); - } - PKIX_FREE(oidAscii); + PKIX_DECREF(infos); PKIX_DECREF(pkixOID); PKIX_DECREF(qualifiers); PKIX_DECREF(certPolicyInfo); PKIX_DECREF(certPolicyQualifier); PKIX_DECREF(qualifierArray); + PKIX_RETURN(CERT); } @@ -461,6 +460,7 @@ pkix_pl_Cert_DecodePolicyMapping( PKIX_LISTSETIMMUTABLEFAILED); *pCertPolicyMaps = maps; + maps = NULL; cleanup: if (certPolMaps) { @@ -471,6 +471,7 @@ cleanup: PKIX_FREE(issuerPolicyOIDAscii); PKIX_FREE(subjectPolicyOIDAscii); + PKIX_DECREF(maps); PKIX_DECREF(issuerDomainOID); PKIX_DECREF(subjectDomainOID); PKIX_DECREF(certPolicyMap); @@ -2652,6 +2653,7 @@ PKIX_PL_Cert_GetPolicyInformation( /* save a cached copy in case it is asked for again */ cert->certPolicyInfos = policyList; + policyList = NULL; } PKIX_INCREF(cert->certPolicyInfos); @@ -2660,6 +2662,8 @@ PKIX_PL_Cert_GetPolicyInformation( cleanup: PKIX_OBJECT_UNLOCK(lockedObject); + + PKIX_DECREF(policyList); PKIX_RETURN(CERT); } @@ -2699,14 +2703,17 @@ PKIX_PL_Cert_GetPolicyMappings( PKIX_OBJECT_UNLOCK(cert); /* save a cached copy in case it is asked for again */ - cert->certPolicyMappings = policyMappings; + cert->certPolicyMappings = policyMappings; + policyMappings = NULL; } PKIX_INCREF(cert->certPolicyMappings); *pPolicyMappings = cert->certPolicyMappings; - + cleanup: PKIX_OBJECT_UNLOCK(lockedObject); + + PKIX_DECREF(policyMappings); PKIX_RETURN(CERT); } diff --git a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c index cd0b7e055..d7705f5a0 100644 --- a/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c +++ b/security/nss/lib/libpkix/pkix_pl_nss/pki/pkix_pl_certpolicymap.c @@ -95,8 +95,10 @@ pkix_pl_CertPolicyMap_Create( policyMap->subjectDomainPolicy = subjectDomainPolicy; *pCertPolicyMap = policyMap; + policyMap = NULL; cleanup: + PKIX_DECREF(policyMap); PKIX_RETURN(CERTPOLICYMAP); } |