Fix bugs experienced with oddly constructed general names.

Partially fixes bug 204555. r=wtc a=sspitzer

security/nss/lib/certdb/genname.c

@@ -605,6 +605,7 @@ cert_DecodeNameConstraintSubTree(PRArenaPool   *arena,
     CERTNameConstraint   *next = NULL;
     int                  i = 0;
 
+    PORT_Assert(arena);
     while (subTree[i] != NULL) {
 	current = cert_DecodeNameConstraint(arena, subTree[i]);
 	if (current == NULL) {
@@ -621,14 +622,6 @@ cert_DecodeNameConstraintSubTree(PRArenaPool   *arena,
     first->l.prev = &(current->l);
     return first;
 loser:
-    if (first) {
-	current = first;
-	do {
-	    next = cert_get_next_name_constraint(current);
-	    PORT_Free(current);
-	    current = next;
-	}while (current != first);
-    }
     return NULL;
 }
 
@@ -842,7 +835,7 @@ CERT_AddNameConstraint(CERTNameConstraint *list,
 
 
 SECStatus
-CERT_GetNameConstriantByType (CERTNameConstraint *constraints,
+CERT_GetNameConstraintByType (CERTNameConstraint *constraints,
 			      CERTGeneralNameType type, 
 			      CERTNameConstraint **returnList,
 			      PRArenaPool *arena)
@@ -1268,7 +1261,7 @@ CERT_CompareNameSpace(CERTCertificate  *cert,
     }
     do {
  	if (constraints->excluded != NULL) {
- 	    rv = CERT_GetNameConstriantByType(constraints->excluded, currentName->type, 
+ 	    rv = CERT_GetNameConstraintByType(constraints->excluded, currentName->type, 
  					      &matchingConstraints, arena);
  	    if (rv != SECSuccess) {
  		goto loser;
@@ -1282,7 +1275,7 @@ CERT_CompareNameSpace(CERTCertificate  *cert,
  	    }
  	}
  	if (constraints->permited != NULL) {
- 	    rv = CERT_GetNameConstriantByType(constraints->permited, currentName->type, 
+ 	    rv = CERT_GetNameConstraintByType(constraints->permited, currentName->type, 
  					      &matchingConstraints, arena);
             if (rv != SECSuccess) {
 		goto loser;

security/nss/lib/certdb/secname.c

@@ -67,8 +67,8 @@ CountArray(void **array)
     return count;
 }
 
-static void
+static void **
-**AddToArray(PRArenaPool *arena, void **array, void *element)
+AddToArray(PRArenaPool *arena, void **array, void *element)
 {
     unsigned count;
     void **ap;
@@ -96,35 +96,6 @@ static void
     return array;
 }
 
-#if 0
-static void
-**RemoveFromArray(void **array, void *element)
-{
-    unsigned count;
-    void **ap;
-    int slot;
-
-    /* Look for element */
-    ap = array;
-    if (ap) {
-	count = 1;			/* count the null at the end */
-	slot = -1;
-	for (; *ap; ap++, count++) {
-	    if (*ap == element) {
-		/* Found it */
-		slot = ap - array;
-	    }
-	}
-	if (slot >= 0) {
-	    /* Found it. Squish array down */
-	    PORT_Memmove((void*) (array + slot), (void*) (array + slot + 1),
-		       (count - slot - 1) * sizeof(void*));
-	    /* Don't bother reallocing the memory */
-	}
-    }
-    return array;
-}
-#endif /* 0 */
 
 SECOidTag
 CERT_GetAVATag(CERTAVA *ava)
@@ -461,27 +432,38 @@ SECStatus
 CERT_CopyName(PRArenaPool *arena, CERTName *to, CERTName *from)
 {
     CERTRDN **rdns, *frdn, *trdn;
-    SECStatus rv;
+    SECStatus rv = SECSuccess;
 
-    if (!to || !from)
+    if (!to || !from) {
+	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
+    }
 
     CERT_DestroyName(to);
     to->arena = arena;
 
     /* Copy each rdn from from */
     rdns = from->rdns;
-    while ((frdn = *rdns++) != 0) {
+    if (rdns) {
+    	if (rdns[0] == NULL) {
+	    rv = CERT_AddRDN(to, NULL);
+	    return rv;
+	}
+	while ((frdn = *rdns++) != NULL) {
 	    trdn = CERT_CreateRDN(arena, 0);
-	if ( trdn == NULL ) {
+	    if (!trdn) {
-	    return(SECFailure);
+		rv = SECFailure;
+		break;
 	    }
 	    rv = CERT_CopyRDN(arena, trdn, frdn);
-	if (rv) return rv;
+	    if (rv != SECSuccess) 
+	        break;
 	    rv = CERT_AddRDN(to, trdn);
-	if (rv) return rv;
+	    if (rv != SECSuccess) 
+	        break;
 	}
-    return SECSuccess;
+    }
+    return rv;
 }
 
 /************************************************************************/