bug 174200, don't attempt to decode cert when destroying it, handle failure

to decode cert serial number r=nelsonb
2003-02-18 20:53:14 +00:00 · 2003-02-18 20:53:14 +00:00 · d84324a740
--- a/security/nss/lib/certdb/stanpcertdb.c
+++ b/security/nss/lib/certdb/stanpcertdb.c
@ -593,33 +593,19 @@ loser:
 void
 CERT_DestroyCertificate(CERTCertificate *cert)
 {
-    int refCount;
-    CERTCertDBHandle *handle;
    if ( cert ) {
-	NSSCertificate *tmp = STAN_GetNSSCertificate(cert);
-	handle = cert->dbhandle;
-#ifdef NSS_CLASSIC
-        CERT_LockCertRefCount(cert);
-	PORT_Assert(cert->referenceCount > 0);
-	refCount = --cert->referenceCount;
-        CERT_UnlockCertRefCount(cert);
-	if ( ( refCount == 0 ) && !cert->keepSession ) {
-	    PRArenaPool *arena  = cert->arena;
-	    /* zero cert before freeing. Any stale references to this cert
-	     * after this point will probably cause an exception.  */
-	    PORT_Memset(cert, 0, sizeof *cert);
-	    cert = NULL;
-	    /* free the arena that contains the cert. */
-	    PORT_FreeArena(arena, PR_FALSE);
-        }
-#else
+	/* don't use STAN_GetNSSCertificate because we don't want to
+	 * go to the trouble of translating the CERTCertificate into
+	 * an NSSCertificate just to destroy it.  If it hasn't been done
+	 * yet, don't do it at all.
+	 */
+	NSSCertificate *tmp = cert->nssCertificate;
 	if (tmp) {
 	    /* delete the NSSCertificate */
 	    NSSCertificate_Destroy(tmp);
 	} else {
 	    PORT_FreeArena(cert->arena, PR_FALSE);
 	}
-#endif
    }
    return;
 }
--- a/security/nss/lib/pki/pki3hack.c
+++ b/security/nss/lib/pki/pki3hack.c
@ -32,7 +32,7 @@
 */

 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.73 $ $Date: 2003-01-08 21:48:43 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.74 $ $Date: 2003-02-18 20:53:14 $ $Name:  $";
 #endif /* DEBUG */

 /*
@ -806,7 +806,12 @@ STAN_GetNSSCertificate(CERTCertificate *cc)
 	* here.  sigh.
 	*/
 	SECItem derSerial;
-	CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+	SECStatus secrv;
+	secrv = CERT_SerialNumberFromDERCert(&cc->derCert, &derSerial);
+	if (secrv == SECFailure) {
+	    nssArena_Destroy(arena);
+	    return NULL;
+	}
 	nssItem_Create(arena, &c->serial, derSerial.len, derSerial.data);
 	PORT_Free(derSerial.data);
    }