From 4b9a8a51c971df2197014bac98158e91ccd318fb Mon Sep 17 00:00:00 2001
From: "kaie%netscape.com" <kaie%netscape.com>
Date: Fri, 23 Aug 2002 10:40:27 +0000
Subject: [PATCH] b=157927 Fix memory leaks in nsNSSCertificate.cpp, fix some
 compiler warnings, do some cleanup. r=javi sr=jag

---
 security/manager/ssl/src/nsCMS.cpp           |   3 +-
 security/manager/ssl/src/nsCertTree.cpp      |   3 +-
 security/manager/ssl/src/nsKeygenHandler.cpp |  10 +-
 security/manager/ssl/src/nsNSSCallbacks.cpp  | 109 ++++++++++---------
 security/manager/ssl/src/nsNSSComponent.cpp  |   2 +-
 security/manager/ssl/src/nsNSSIOLayer.cpp    |  16 ++-
 security/manager/ssl/src/nsPKCS12Blob.cpp    |   6 +-
 7 files changed, 77 insertions(+), 72 deletions(-)

diff --git a/security/manager/ssl/src/nsCMS.cpp b/security/manager/ssl/src/nsCMS.cpp
index 8314ce5508ac..4605af0c9501 100644
--- a/security/manager/ssl/src/nsCMS.cpp
+++ b/security/manager/ssl/src/nsCMS.cpp
@@ -340,7 +340,8 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
   CERTCertificate **recipientCerts;
   PLArenaPool *tmpPoolp = nsnull;
   SECOidTag bulkAlgTag;
-  int keySize, i;
+  int keySize;
+  PRUint32 i;
   nsNSSCertificate *nssRecipientCert;
   nsresult rv = NS_ERROR_FAILURE;
 
diff --git a/security/manager/ssl/src/nsCertTree.cpp b/security/manager/ssl/src/nsCertTree.cpp
index df641252322e..3fb1941ce8fc 100644
--- a/security/manager/ssl/src/nsCertTree.cpp
+++ b/security/manager/ssl/src/nsCertTree.cpp
@@ -461,7 +461,8 @@ nsCertTree::RemoveCert(PRUint32 index)
     return NS_ERROR_FAILURE;
   }
 
-  int i, idx = 0, cIndex = 0, nc;
+  int i;
+  PRUint32 idx = 0, cIndex = 0, nc;
   // Loop over the threads
   for (i=0; i<mNumOrgs; i++) {
     if (index == idx)
diff --git a/security/manager/ssl/src/nsKeygenHandler.cpp b/security/manager/ssl/src/nsKeygenHandler.cpp
index 096936018c5c..a9ebf3489aea 100644
--- a/security/manager/ssl/src/nsKeygenHandler.cpp
+++ b/security/manager/ssl/src/nsKeygenHandler.cpp
@@ -101,8 +101,6 @@ static NS_DEFINE_IID(kFormProcessorIID,   NS_IFORMPROCESSOR_IID);
 static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
 static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
 
-static const char *mozKeyGen = "-mozilla-keygen";
-
 static PQGParams *
 decode_pqg_params(char *aStr)
 {
@@ -611,20 +609,14 @@ NS_METHOD nsKeygenFormProcessor::ProvideContent(const nsString& aFormType,
 						nsVoidArray& aContent, 
 						nsString& aAttribute) 
 { 
-  nsString selectKey;
-  SECKeySizeChoiceInfo *choice = SECKeySizeChoiceList;
-
-  selectKey.Assign(NS_LITERAL_STRING("SELECT"));
   if (Compare(aFormType, NS_LITERAL_STRING("SELECT"), 
     nsCaseInsensitiveStringComparator()) == 0) {
     for (SECKeySizeChoiceInfo* choice = SECKeySizeChoiceList; choice && choice->name; ++choice) {
       nsString *str = new nsString(choice->name);
       aContent.AppendElement(str);
     }
-    aAttribute.AssignWithConversion(mozKeyGen);
+    aAttribute.Assign(NS_LITERAL_STRING("-mozilla-keygen"));
   }
   return NS_OK;
 } 
 
-
-
diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
index aab702ef7d33..0369d8300f8c 100644
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -196,70 +196,71 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
   nsresult rv;
   PRInt32 encryptBits;
 
-  if (SECSuccess == SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
-                                       &encryptBits, &signer, nsnull))
-    {
-      PRInt32 secStatus;
-      if (sslStatus == SSL_SECURITY_STATUS_OFF)
-        secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
-      else if (encryptBits >= 90)
-        secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
-                     nsIWebProgressListener::STATE_SECURE_HIGH);
-      else
-        secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
-                     nsIWebProgressListener::STATE_SECURE_LOW);
+  if (SECSuccess != SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
+                                       &encryptBits, &signer, nsnull)) {
+    return;
+  }
 
-      CERTCertificate *peerCert = SSL_PeerCertificate(fd);
-      char* caName = CERT_GetOrgName(&peerCert->issuer);
-      CERT_DestroyCertificate(peerCert);
-      if (!caName) {
-        caName = signer;
-      }
+  PRInt32 secStatus;
+  if (sslStatus == SSL_SECURITY_STATUS_OFF)
+    secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
+  else if (encryptBits >= 90)
+    secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
+                 nsIWebProgressListener::STATE_SECURE_HIGH);
+  else
+    secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
+                 nsIWebProgressListener::STATE_SECURE_LOW);
 
-      // If the CA name is RSA Data Security, then change the name to the real
-      // name of the company i.e. VeriSign, Inc.
-      if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
-        // In this case, caName != signer since the logic implies signer
-        // would be at minimal "O=RSA Data Security, Inc" because caName
-        // is what comes after to O=.  So we're OK just freeing this memory
-        // without checking to see if it's equal to signer;
-        NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
-        PR_Free(caName);
-        caName = PL_strdup("Verisign, Inc.");
-      }
+  CERTCertificate *peerCert = SSL_PeerCertificate(fd);
+  char* caName = CERT_GetOrgName(&peerCert->issuer);
+  CERT_DestroyCertificate(peerCert);
+  if (!caName) {
+    caName = signer;
+  }
 
-      nsXPIDLString shortDesc;
-      const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
-      nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
-      if (NS_FAILED(rv))
-        return; 
+  // If the CA name is RSA Data Security, then change the name to the real
+  // name of the company i.e. VeriSign, Inc.
+  if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
+    // In this case, caName != signer since the logic implies signer
+    // would be at minimal "O=RSA Data Security, Inc" because caName
+    // is what comes after to O=.  So we're OK just freeing this memory
+    // without checking to see if it's equal to signer;
+    NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
+    PR_Free(caName);
+    caName = PL_strdup("Verisign, Inc.");
+  }
 
-      rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("SignedBy").get(),
-                                                     formatStrings, 1,
-                                                     getter_Copies(shortDesc));
+  nsXPIDLString shortDesc;
+  const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
+  nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
+  if (NS_SUCCEEDED(rv)) {
+    rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("SignedBy").get(),
+                                                   formatStrings, 1,
+                                                   getter_Copies(shortDesc));
 
-      nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
-  
-      nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
-      infoObject->SetSecurityState(secStatus);
-      infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
+    nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
 
-      /* Set the SSL Status information */
-      nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
+    nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
+    infoObject->SetSecurityState(secStatus);
+    infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
 
-      CERTCertificate *serverCert = SSL_PeerCertificate(fd);
-      if (serverCert) status->mServerCert = new nsNSSCertificate(serverCert);
+    /* Set the SSL Status information */
+    nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
 
-      status->mKeyLength = keyLength;
-      status->mSecretKeyLength = encryptBits;
-      status->mCipherName.Adopt(cipherName);
+    CERTCertificate *serverCert = SSL_PeerCertificate(fd);
+    if (serverCert) status->mServerCert = new nsNSSCertificate(serverCert);
 
-      infoObject->SetSSLStatus(status);
+    status->mKeyLength = keyLength;
+    status->mSecretKeyLength = encryptBits;
+    status->mCipherName.Adopt(cipherName);
 
-      if (caName != signer)
-        PR_Free(caName);
-      PR_Free(signer);
-    }
+    infoObject->SetSSLStatus(status);
+  }
+
+  if (caName != signer) {
+    PR_Free(caName);
+  }
+  PR_Free(signer);
 }
 
 SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp
index 3f0273c2139c..c0e06f0c6bc2 100644
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -628,7 +628,7 @@ nsresult nsNSSComponent::getParamsForNextCrlToDownload(nsAutoString *url, PRTime
     return NS_ERROR_FAILURE;
   }
 
-  for(PRInt32 i=0;i<noOfCrls;i++) {
+  for(PRUint32 i=0;i<noOfCrls;i++) {
     PRBool autoUpdateEnabled;
     nsAutoString tempCrlKey;
   
diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp
index 97c09a629aca..683b62786375 100644
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -1461,6 +1461,7 @@ static const SEC_ASN1Template cert_CertificateScopeOfUseTemplate[] = {
     { SEC_ASN1_SEQUENCE_OF, 0, cert_CertificateScopeEntryTemplate }
 };
 
+#if 0
 /* 
  * decodes the extension data and create CERTCertificateScopeEntry that can
  * be consumed by the code
@@ -1710,6 +1711,7 @@ done:
     }
     return rv;
 }
+#endif
 
 /*
  * Function: SSMStatus SSM_SetUserCertChoice()
@@ -1966,9 +1968,17 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
     }
 
     /* Get CN and O of the subject and O of the issuer */
-    NS_ConvertUTF8toUCS2 cn(CERT_GetCommonName(&serverCert->subject));
-    NS_ConvertUTF8toUCS2 org(CERT_GetOrgName(&serverCert->subject));
-    NS_ConvertUTF8toUCS2 issuer(CERT_GetOrgName(&serverCert->issuer));
+    char *ccn = CERT_GetCommonName(&serverCert->subject);
+    NS_ConvertUTF8toUCS2 cn(ccn);
+    if (ccn) PORT_Free(ccn);
+
+    char *corg = CERT_GetOrgName(&serverCert->subject);
+    NS_ConvertUTF8toUCS2 org(corg);
+    if (corg) PORT_Free(corg);
+
+    char *cissuer = CERT_GetOrgName(&serverCert->issuer);
+    NS_ConvertUTF8toUCS2 issuer(cissuer);
+    if (cissuer) PORT_Free(cissuer);
 
     certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
     certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
diff --git a/security/manager/ssl/src/nsPKCS12Blob.cpp b/security/manager/ssl/src/nsPKCS12Blob.cpp
index 286575dadb6f..1ac01c0d86f9 100644
--- a/security/manager/ssl/src/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/src/nsPKCS12Blob.cpp
@@ -31,7 +31,7 @@
  * may use your version of this file under either the MPL or the
  * GPL.
  *
- * $Id: nsPKCS12Blob.cpp,v 1.27 2002/08/06 05:37:58 henry.jia%sun.com Exp $
+ * $Id: nsPKCS12Blob.cpp,v 1.28 2002/08/23 10:40:27 kaie%netscape.com Exp $
  */
 
 #include "prmem.h"
@@ -597,7 +597,7 @@ nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
   nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
   if (NS_FAILED(rv)) return nsnull;
   int count = 1;
-  nsXPIDLCString nickname;
+  nsCString nickname;
   nsString nickFromProp;
   nssComponent->GetPIPNSSBundleString(
                                  NS_LITERAL_STRING("P12DefaultNickname").get(),
@@ -646,7 +646,7 @@ nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
     return nsnull;
 
   newNick->type = siAsciiString;
-  newNick->data = (unsigned char*) nsCRT::strdup(nickname);
+  newNick->data = (unsigned char*) nsCRT::strdup(nickname.get());
   newNick->len  = strlen((char*)newNick->data);
   return newNick;
 }