From 426692835a4cf9102431c6b3ba7f27c1ff8f1e00 Mon Sep 17 00:00:00 2001
From: Andrew McCreight <continuation@gmail.com>
Date: Wed, 30 Jul 2014 13:00:29 -0700
Subject: [PATCH] Bug 1029151 - Remove dangerous public destructor of
 nsNSSCertificate. r=keeler

---
 security/manager/ssl/src/nsClientAuthRemember.cpp | 4 ++--
 security/manager/ssl/src/nsNSSCertificate.h       | 9 ++-------
 security/manager/ssl/src/nsNSSCertificateDB.cpp   | 4 ++--
 3 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/security/manager/ssl/src/nsClientAuthRemember.cpp b/security/manager/ssl/src/nsClientAuthRemember.cpp
index 2a17a4540fba..1708d270303d 100644
--- a/security/manager/ssl/src/nsClientAuthRemember.cpp
+++ b/security/manager/ssl/src/nsClientAuthRemember.cpp
@@ -114,9 +114,9 @@ nsClientAuthRememberService::RememberDecision(const nsACString & aHostName,
   {
     ReentrantMonitorAutoEnter lock(monitor);
     if (aClientCert) {
-      nsNSSCertificate pipCert(aClientCert);
+      RefPtr<nsNSSCertificate> pipCert(new nsNSSCertificate(aClientCert));
       char *dbkey = nullptr;
-      rv = pipCert.GetDbKey(&dbkey);
+      rv = pipCert->GetDbKey(&dbkey);
       if (NS_SUCCEEDED(rv) && dbkey) {
         AddEntryToList(aHostName, fpStr, 
                        nsDependentCString(dbkey));
diff --git a/security/manager/ssl/src/nsNSSCertificate.h b/security/manager/ssl/src/nsNSSCertificate.h
index fb312c70e4ed..468dec06b8e4 100644
--- a/security/manager/ssl/src/nsNSSCertificate.h
+++ b/security/manager/ssl/src/nsNSSCertificate.h
@@ -42,7 +42,6 @@ public:
 
   nsNSSCertificate(CERTCertificate* cert, SECOidTag* evOidPolicy = nullptr);
   nsNSSCertificate();
-  virtual ~nsNSSCertificate();
   nsresult FormatUIStrings(const nsAutoString& nickname,
                            nsAutoString& nickWithSerial,
                            nsAutoString& details);
@@ -51,6 +50,8 @@ public:
   static nsNSSCertificate* ConstructFromDER(char* certDER, int derLen);
 
 private:
+  virtual ~nsNSSCertificate();
+
   mozilla::ScopedCERTCertificate mCert;
   bool             mPermDelete;
   uint32_t         mCertType;
@@ -74,12 +75,6 @@ private:
 
 namespace mozilla {
 
-template<>
-struct HasDangerousPublicDestructor<nsNSSCertificate>
-{
-  static const bool value = true;
-};
-
 SECStatus ConstructCERTCertListFromReversedDERArray(
             const mozilla::pkix::DERArray& certArray,
             /*out*/ mozilla::ScopedCERTCertList& certList);
diff --git a/security/manager/ssl/src/nsNSSCertificateDB.cpp b/security/manager/ssl/src/nsNSSCertificateDB.cpp
index a1ad3a624141..ae35817dbb6a 100644
--- a/security/manager/ssl/src/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/src/nsNSSCertificateDB.cpp
@@ -1240,11 +1240,11 @@ nsNSSCertificateDB::getCertNames(CERTCertList *certList,
        !CERT_LIST_END(node, certList);
        node = CERT_LIST_NEXT(node)) {
     if (getCertType(node->cert) == type) {
-      nsNSSCertificate pipCert(node->cert);
+      RefPtr<nsNSSCertificate> pipCert(new nsNSSCertificate(node->cert));
       char *dbkey = nullptr;
       char *namestr = nullptr;
       nsAutoString certstr;
-      pipCert.GetDbKey(&dbkey);
+      pipCert->GetDbKey(&dbkey);
       nsAutoString keystr = NS_ConvertASCIItoUTF16(dbkey);
       PR_FREEIF(dbkey);
       if (type == nsIX509Cert::EMAIL_CERT) {