From d61cd1a07c229d389ca59985d08cd38966b16e6a Mon Sep 17 00:00:00 2001
From: Kai Engert
Date: Wed, 23 Mar 2011 20:35:00 +0100
Subject: [PATCH] Bug 644012, crash with an empty issuer name in SSL certificate, +leak fix ... r=bsmith, a=dveditz
--HG--
extra : transplant_source : %FE4F%25%DE%E8%A7%A8%D6%90f%AD%1E%03%F5%FCM%85%AB%00
---
 security/manager/ssl/src/nsNSSCallbacks.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp
index 58e4e2bc90f..cdfbcce2705 100644
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -984,8 +984,11 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, nsNSSShutDownPreventionLock locker; CERTCertificate *serverCert = SSL_PeerCertificate(fd); + CERTCertificateCleaner serverCertCleaner(serverCert); + if (serverCert && serverCert->serialNumber.data && + serverCert->issuerName && !strcmp(serverCert->issuerName, "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
@@ -1028,8 +1031,6 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd, // We want to remember the CA certs in the temp db, so that the application can find the // complete chain at any time it might need it. // But we keep only those CA certs in the temp db, that we didn't already know. - - CERTCertificateCleaner serverCertCleaner(serverCert); if (serverCert) { nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
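Review bot: The added `serverCert->issuerName &&` guard in the first hunk carries no comment explaining why a field of the peer certificate can be NULL, although that is the crash the subject line describes. I would put a comment above the condition, e.g. `// issuerName may be NULL (empty issuer, bug 644012); the peer cert is untrusted input, so check before strcmp`. The body of the guarded `if` lies outside the hunk, so it is not visible whether `serialNumber.len` is validated before the serial bytes are read; only `serialNumber.data` is tested here, and that is worth confirming. If other code in AuthCertificateCallback passes `issuerName` or similar string fields to string functions without a NULL check, it presumably needs the same guard.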