From 4d331091defa9f38dcb8edf3dbb5242edeaa8932 Mon Sep 17 00:00:00 2001
From: "alexei.volkov.bugs%sun.com" <alexei.volkov.bugs%sun.com>
Date: Mon, 17 Jul 2006 21:57:35 +0000
Subject: [PATCH] 341120: Coverity 541 nss_cms_recipients_traverse leaks "rle".
 r=nelson

---
 security/nss/lib/smime/cmsreclist.c | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/security/nss/lib/smime/cmsreclist.c b/security/nss/lib/smime/cmsreclist.c
index b3b0f8b54568..92423539ae7a 100644
--- a/security/nss/lib/smime/cmsreclist.c
+++ b/security/nss/lib/smime/cmsreclist.c
@@ -37,7 +37,7 @@
 /*
  * CMS recipient list functions
  *
- * $Id: cmsreclist.c,v 1.4 2005/09/16 17:54:31 wtchang%redhat.com Exp $
+ * $Id: cmsreclist.c,v 1.5 2006/07/17 21:57:35 alexei.volkov.bugs%sun.com Exp $
  */
 
 #include "cmslocal.h"
@@ -66,25 +66,33 @@ nss_cms_recipients_traverse(NSSCMSRecipientInfo **recipientinfos, NSSCMSRecipien
 	switch (ri->recipientInfoType) {
 	case NSSCMSRecipientInfoID_KeyTrans:
 	    if (recipient_list) {
+		NSSCMSRecipientIdentifier *recipId =
+		   &ri->ri.keyTransRecipientInfo.recipientIdentifier;
+
+		if (recipId->identifierType != NSSCMSRecipientID_IssuerSN &&
+                    recipId->identifierType != NSSCMSRecipientID_SubjectKeyID) {
+		    PORT_SetError(SEC_ERROR_INVALID_ARGS);
+		    return -1;
+		}                
 		/* alloc one & fill it out */
 		rle = (NSSCMSRecipient *)PORT_ZAlloc(sizeof(NSSCMSRecipient));
-		if (rle == NULL)
+		if (!rle)
 		    return -1;
 		
 		rle->riIndex = i;
 		rle->subIndex = -1;
-		switch (ri->ri.keyTransRecipientInfo.recipientIdentifier.identifierType) {
+		switch (recipId->identifierType) {
 		case NSSCMSRecipientID_IssuerSN:
 		    rle->kind = RLIssuerSN;
-		    rle->id.issuerAndSN = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.issuerAndSN;
+		    rle->id.issuerAndSN = recipId->id.issuerAndSN;
 		    break;
 		case NSSCMSRecipientID_SubjectKeyID:
 		    rle->kind = RLSubjKeyID;
-		    rle->id.subjectKeyID = ri->ri.keyTransRecipientInfo.recipientIdentifier.id.subjectKeyID;
+		    rle->id.subjectKeyID = recipId->id.subjectKeyID;
+		    break;
+		default: /* we never get here because of identifierType check
+                            we done before. Leaving it to kill compiler warning */
 		    break;
-		default:
-		    PORT_SetError(SEC_ERROR_INVALID_ARGS);
-		    return -1;
 		}
 		recipient_list[rlindex++] = rle;
 	    } else {
@@ -99,7 +107,7 @@ nss_cms_recipients_traverse(NSSCMSRecipientInfo **recipientinfos, NSSCMSRecipien
 		    rek = ri->ri.keyAgreeRecipientInfo.recipientEncryptedKeys[j];
 		    /* alloc one & fill it out */
 		    rle = (NSSCMSRecipient *)PORT_ZAlloc(sizeof(NSSCMSRecipient));
-		    if (rle == NULL)
+		    if (!rle)
 			return -1;
 		    
 		    rle->riIndex = i;