Fix for 202348 - check cert & key pointers returned by client auth application callback, to fix crash . r=nelsonb

2003-04-17 02:03:39 +00:00 · 2003-04-17 02:03:39 +00:00 · e5e7ae2540
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@ -37,7 +37,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: ssl3con.c,v 1.53 2003-03-29 00:18:26 nelsonb%netscape.com Exp $
+ * $Id: ssl3con.c,v 1.54 2003-04-17 02:03:38 jpierre%netscape.com Exp $
 */

 #include "nssrenam.h"
@ -5127,6 +5127,21 @@ ssl3_HandleCertificateRequest(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
 	break;	/* not an error */

    case SECSuccess:
+        /* check what the callback function returned */
+        if ((!ssl3->clientCertificate) || (!ssl3->clientPrivateKey)) {
+            /* we are missing either the key or cert */
+            if (ssl3->clientCertificate) {
+                /* got a cert, but no key - free it */
+                CERT_DestroyCertificate(ssl3->clientCertificate);
+                ssl3->clientCertificate = NULL;
+            }
+            if (ssl3->clientPrivateKey) {
+                /* got a key, but no cert - free it */
+                SECKEY_DestroyPrivateKey(ssl3->clientPrivateKey);
+                ssl3->clientPrivateKey = NULL;
+            }
+            goto send_no_certificate;
+        }
 	/* Setting ssl3->clientCertChain non-NULL will cause
 	 * ssl3_HandleServerHelloDone to call SendCertificate.
 	 */
--- a/security/nss/lib/ssl/sslcon.c
+++ b/security/nss/lib/ssl/sslcon.c
@ -36,7 +36,7 @@
 * may use your version of this file under either the MPL or the
 * GPL.
 *
- * $Id: sslcon.c,v 1.20 2003-02-27 01:31:30 nelsonb%netscape.com Exp $
+ * $Id: sslcon.c,v 1.21 2003-04-17 02:03:39 jpierre%netscape.com Exp $
 */

 #include "nssrenam.h"
@ -2344,6 +2344,22 @@ ssl2_HandleRequestCertificate(sslSocket *ss)
 	goto no_cert_error;
    }

+    /* check what the callback function returned */
+    if ((!cert) || (!key)) {
+        /* we are missing either the key or cert */
+        if (cert) {
+            /* got a cert, but no key - free it */
+            CERT_DestroyCertificate(cert);
+            cert = NULL;
+        }
+        if (key) {
+            /* got a key, but no cert - free it */
+            SECKEY_DestroyPrivateKey(key);
+            key = NULL;
+        }
+        goto no_cert_error;
+    }
+
    rv = ssl2_SignResponse(ss, key, &response);
    if ( rv != SECSuccess ) {
 	ret = -1;