Bug 510135: Fix leaks of certificatePolicies and subjectAltName

extensions. r=alexei.volkov.
2009-08-15 20:51:10 -07:00 · 2009-08-15 20:51:10 -07:00 · f7e7fdc369
--- a/security/manager/ssl/src/nsIdentityChecking.cpp
+++ b/security/manager/ssl/src/nsIdentityChecking.cpp
@ -890,19 +890,21 @@ static SECStatus getFirstEVPolicy(CERTCertificate *cert, SECOidTag &outOidTag)
    
      policyInfos = policies->policyInfos;

+      PRBool found = PR_FALSE;
      while (*policyInfos != NULL) {
        policyInfo = *policyInfos++;

        SECOidTag oid_tag = policyInfo->oid;
-        if (oid_tag == SEC_OID_UNKNOWN) // not in our list of OIDs accepted for EV
-          continue;
-
-        if (!isEVPolicy(oid_tag))
-          continue;
-
-        outOidTag = oid_tag;
-        return SECSuccess;
+        if (oid_tag != SEC_OID_UNKNOWN && isEVPolicy(oid_tag)) {
+          // in our list of OIDs accepted for EV
+          outOidTag = oid_tag;
+          found = PR_TRUE;
+          break;
+        }
      }
+      CERT_DestroyCertificatePoliciesExtension(policies);
+      if (found)
+        return SECSuccess;
    }
  }

--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -953,8 +953,8 @@ AppendErrorTextUntrusted(PRErrorCode errTrust,
  }
 }

-// returns TRUE if SAN was used to produce names
-// return FALSE if nothing was produced
+// returns PR_TRUE if SAN was used to produce names
+// return PR_FALSE if nothing was produced
 // names => a single name or a list of names
 // multipleNames => whether multiple names were delivered
 static PRBool
@ -969,22 +969,22 @@ GetSubjectAltNames(CERTCertificate *nssCert,
  PRArenaPool *san_arena = nsnull;
  SECItem altNameExtension = {siBuffer, NULL, 0 };
  CERTGeneralName *sanNameList = nsnull;
+  PRBool ok = PR_FALSE;
+
+  san_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+  if (!san_arena)
+    return ok;

  nsresult rv;
  rv = CERT_FindCertExtension(nssCert, SEC_OID_X509_SUBJECT_ALT_NAME,
                              &altNameExtension);
  if (rv != SECSuccess)
-    return PR_FALSE;
-
-  san_arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-  if (!san_arena)
-    return PR_FALSE;
+    goto loser;

  sanNameList = CERT_DecodeAltNameExtension(san_arena, &altNameExtension);
-  if (!sanNameList)
-    return PR_FALSE;
-
  SECITEM_FreeItem(&altNameExtension, PR_FALSE);
+  if (!sanNameList)
+    goto loser;

  CERTGeneralName *current = sanNameList;
  do {
@ -1031,9 +1031,11 @@ GetSubjectAltNames(CERTCertificate *nssCert,
    }
    current = CERT_GetNextGeneralName(current);
  } while (current != sanNameList); // double linked
+  ok = PR_TRUE;

+loser:
  PORT_FreeArena(san_arena, PR_FALSE);
-  return PR_TRUE;
+  return ok;
 }

 static void