mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

fix leakage in traversal functions that convert certs to CERTCertificates

This commit is contained in:
ian.mcgreer%sun.com 2002-01-24 00:34:03 +00:00
Родитель b482961799
Коммит 82686aae13
2 изменённых файлов: 28 добавлений и 3 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

9
security/nss/lib/pk11wrap/pk11cert.c
Просмотреть файл

@ -111,7 +111,11 @@ static PRStatus convert_and_cache_cert(NSSCertificate *c, void *arg)
static void cert_destructor(void *el) static void cert_destructor(void *el)
{ {
NSSCertificate *c = (NSSCertificate *)el; NSSCertificate *c = (NSSCertificate *)el;
NSSCertificate_Destroy(c); CERTCertificate *cert = STAN_GetCERTCertificate(c);
/* It's already been obtained as a CERTCertificate, so it must
* be destroyed as one
*/
CERT_DestroyCertificate(cert);
} }
void void
@ -1584,6 +1588,7 @@ PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
cert->dbhandle = STAN_GetDefaultTrustDomain(); cert->dbhandle = STAN_GetDefaultTrustDomain();
if (cert->slot == NULL) { if (cert->slot == NULL) {
cert->slot = PK11_ReferenceSlot(slot); cert->slot = PK11_ReferenceSlot(slot);
cert->ownSlot = PR_TRUE;
if (cert->nssCertificate) { if (cert->nssCertificate) {
nssCryptokiInstance *instance; nssCryptokiInstance *instance;
NSSCertificate *c = cert->nssCertificate; NSSCertificate *c = cert->nssCertificate;
@ -2235,7 +2240,7 @@ PK11_FindObjectForCert(CERTCertificate *cert, void *wincx, PK11SlotInfo **pSlot)
if (cert->slot == NULL) { if (cert->slot == NULL) {
cert->slot = PK11_ReferenceSlot(*pSlot); cert->slot = PK11_ReferenceSlot(*pSlot);
cert->pkcs11ID = certHandle; cert->pkcs11ID = certHandle;
cert->ownSlot = PR_FALSE; cert->ownSlot = PR_TRUE;
} }
} }

22
security/nss/lib/pki/trustdomain.c
Просмотреть файл

@ -32,7 +32,7 @@
*/ */
#ifdef DEBUG #ifdef DEBUG
static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.28 $ $Date: 2002/01/23 20:35:18 $ $Name: $"; static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.29 $ $Date: 2002/01/24 00:34:03 $ $Name: $";
#endif /* DEBUG */ #endif /* DEBUG */
#ifndef NSSPKI_H #ifndef NSSPKI_H
@ -55,6 +55,10 @@ static const char CVS_ID[] = "@(#) $RCSfile: trustdomain.c,v $ $Revision: 1.28 $
#include "ckhelper.h" #include "ckhelper.h"
#endif /* CKHELPER_H */ #endif /* CKHELPER_H */
#ifdef NSS_3_4_CODE
#include "cert.h"
#endif
extern const NSSError NSS_ERROR_NOT_FOUND; extern const NSSError NSS_ERROR_NOT_FOUND;
#define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32 #define NSSTRUSTDOMAIN_DEFAULT_CACHE_SIZE 32
@ -885,6 +889,18 @@ static PRStatus traverse_callback(NSSCertificate *c, void *arg)
return nssrv; return nssrv;
} }
#ifdef NSS_3_4_CODE
static void cert_destructor_with_cache(void *el)
{
NSSCertificate *c = (NSSCertificate *)el;
CERTCertificate *cert = STAN_GetCERTCertificate(c);
/* It's already been obtained as a CERTCertificate, so it must
* be destroyed as one
*/
CERT_DestroyCertificate(cert);
}
#endif
NSS_IMPLEMENT PRStatus * NSS_IMPLEMENT PRStatus *
NSSTrustDomain_TraverseCertificates NSSTrustDomain_TraverseCertificates
( (
@ -918,7 +934,11 @@ NSSTrustDomain_TraverseCertificates
nssrv = nssToken_TraverseCertificates(token, NULL, &search); nssrv = nssToken_TraverseCertificates(token, NULL, &search);
} }
nssListIterator_Finish(td->tokens); nssListIterator_Finish(td->tokens);
#ifdef NSS_3_4_CODE
nssList_Clear(certList, cert_destructor_with_cache);
#else
nssList_Clear(certList, cert_destructor); nssList_Clear(certList, cert_destructor);
#endif
nssList_Destroy(certList); nssList_Destroy(certList);
return NULL; return NULL;
} }