From fc447dbc65d7a3e8516c96e14fe9d9ee94959878 Mon Sep 17 00:00:00 2001 From: "relyea%netscape.com" Date: Wed, 21 Aug 2002 00:09:23 +0000 Subject: [PATCH] 1) fix crl memory. 2) remove several memory copies in the crl. --- security/nss/lib/softoken/pcert.h | 6 +-- security/nss/lib/softoken/pcertdb.c | 24 ++++-------- security/nss/lib/softoken/pkcs11.c | 7 ++-- security/nss/lib/softoken/pkcs11u.c | 57 ++++++++++------------------- 4 files changed, 34 insertions(+), 60 deletions(-) diff --git a/security/nss/lib/softoken/pcert.h b/security/nss/lib/softoken/pcert.h index bcd94bc3468..e8674f2712f 100644 --- a/security/nss/lib/softoken/pcert.h +++ b/security/nss/lib/softoken/pcert.h @@ -70,9 +70,9 @@ nsslowcert_TraversePermCerts(NSSLOWCERTCertDBHandle *handle, PRBool nsslowcert_CertDBKeyConflict(SECItem *derCert, NSSLOWCERTCertDBHandle *handle); -SECItem * -nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, - char **urlp, PRBool isKRL); +certDBEntryRevocation * +nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, + SECItem *crlKey, PRBool isKRL); SECStatus nsslowcert_DeletePermCRL(NSSLOWCERTCertDBHandle *handle,SECItem *derName, diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c index cf17e623b50..55ba363c352 100644 --- a/security/nss/lib/softoken/pcertdb.c +++ b/security/nss/lib/softoken/pcertdb.c @@ -34,7 +34,7 @@ /* * Permanent Certificate database handling code * - * $Id: pcertdb.c,v 1.28 2002-07-16 16:44:21 relyea%netscape.com Exp $ + * $Id: pcertdb.c,v 1.29 2002-08-21 00:09:22 relyea%netscape.com Exp $ */ #include "prtime.h" @@ -250,7 +250,7 @@ certdb_Get(DB *db, DBT *key, DBT *data, unsigned int flags) PORT_Assert(dbLock != NULL); PZ_Lock(dbLock); - + ret = (* db->get)(db, key, data, flags); prstat = PZ_Unlock(dbLock); @@ -262,7 +262,7 @@ static int certdb_Put(DB *db, DBT *key, DBT *data, unsigned int flags) { PRStatus prstat; - int ret; + int ret = 0; PORT_Assert(dbLock != NULL); PZ_Lock(dbLock); 
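Review bot: The new prototype of `nsslowcert_FindCrlByKey` in pcert.h changes who owns the result, but nothing at the declaration says so. It used to return a duplicated SECItem; it now returns the `certDBEntryRevocation` itself, and the pcertdb.c hunk drops the `DestroyDBEntry` call at `loser:`, so each caller has to release the entry. In this patch pk11_searchCrls frees it with `nsslowcert_DestroyDBEntry`, while pk11_getCrl stores it in `objectInfo` with a matching `infoFree`. A comment above the declaration would help later callers avoid a leak or a double free: `/* Returns NULL on failure; the caller owns the entry and must release it with nsslowcert_DestroyDBEntry(). */`.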
@@ -1368,7 +1368,7 @@ ReadDBCrlEntry(NSSLOWCERTCertDBHandle *handle, SECItem *certKey, goto loser; } - rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, tmparena); + rv = ReadDBEntry(handle, &entry->common, &dbkey, &dbentry, NULL); if ( rv == SECFailure ) { goto loser; } @@ -4784,9 +4784,9 @@ nsslowcert_DestroyCertificateNoLocking(NSSLOWCERTCertificate *cert) * Lookup a CRL in the databases. We mirror the same fast caching data base * caching stuff used by certificates....? */ -SECItem * -nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, - char **url, PRBool isKRL) +certDBEntryRevocation * +nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, + SECItem *crlKey, PRBool isKRL) { SECItem keyitem; DBT key; @@ -4817,20 +4817,12 @@ nsslowcert_FindCrlByKey(NSSLOWCERTCertDBHandle *handle, SECItem *crlKey, goto loser; } - if (url && entry->url) { - *url = PORT_Strdup(entry->url); - } - crl = SECITEM_DupItem(&entry->derCrl); - loser: if ( arena ) { PORT_FreeArena(arena, PR_FALSE); } - if (entry) { - DestroyDBEntry((certDBEntry *)entry); - } - return(crl); + return entry; } /* diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 5b1a5d6aea7..1026214b7cc 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -3602,12 +3602,13 @@ pk11_searchCrls(PK11Slot *slot, SECItem *derSubject, PRBool isKrl, return; } if (derSubject->data != NULL) { - SECItem *crl = - nsslowcert_FindCrlByKey(certHandle,derSubject,NULL,isKrl); + certDBEntryRevocation *crl = + nsslowcert_FindCrlByKey(certHandle, derSubject, isKrl); if (crl != NULL) { - pk11_addHandle(search, pk11_mkHandle(slot,derSubject, + pk11_addHandle(search, pk11_mkHandle(slot, derSubject, isKrl ? PK11_TOKEN_KRL_HANDLE : PK11_TOKEN_TYPE_CRL)); + nsslowcert_DestroyDBEntry((certDBEntry *)crl); } } else { pk11CrlData crlData; 
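Review bot: In ReadDBCrlEntry, passing `NULL` instead of `tmparena` to `ReadDBEntry` leaves the lifetime of `dbentry.data` undocumented. ReadDBEntry is not shown here; if a NULL arena makes it return a pointer into the database's own record buffer rather than a copy, those bytes are read after `certdb_Get` has already released `dbLock` (visible earlier in this file's diff), so another database access could alter them before they are decoded into `entry`. Either confirm that the decode step copies everything it keeps before any other database call can run, or state the assumption at the call: `/* NULL arena: dbentry aliases the DB buffer and must be fully copied into entry before the next DB access */`. The function body starts and ends outside the hunk.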
diff --git a/security/nss/lib/softoken/pkcs11u.c b/security/nss/lib/softoken/pkcs11u.c index 4f7a5bf13a9..7088fa41639 100644 --- a/security/nss/lib/softoken/pkcs11u.c +++ b/security/nss/lib/softoken/pkcs11u.c @@ -344,50 +344,27 @@ pk11_getSMime(PK11TokenObject *object) return entry; } -static SECItem * +static certDBEntryRevocation * pk11_getCrl(PK11TokenObject *object) { - SECItem *crl; + certDBEntryRevocation *crl; PRBool isKrl; if (object->obj.objclass != CKO_NETSCAPE_CRL) { return NULL; } if (object->obj.objectInfo) { - return (SECItem *)object->obj.objectInfo; + return (certDBEntryRevocation *)object->obj.objectInfo; } isKrl = (PRBool) object->obj.handle == PK11_TOKEN_KRL_HANDLE; - crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB,&object->dbKey, - NULL,isKrl); + crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB, + &object->dbKey, isKrl); object->obj.objectInfo = (void *)crl; - object->obj.infoFree = (PK11Free) pk11_FreeItem; + object->obj.infoFree = (PK11Free) nsslowcert_DestroyDBEntry; return crl; } -static char * -pk11_getUrl(PK11TokenObject *object) -{ - SECItem *crl; - PRBool isKrl; - char *url = NULL; - - if (object->obj.objclass != CKO_NETSCAPE_CRL) { - return NULL; - } - - isKrl = (PRBool) object->obj.handle == PK11_TOKEN_KRL_HANDLE; - crl = nsslowcert_FindCrlByKey(object->obj.slot->certDB,&object->dbKey, - &url,isKrl); - if (object->obj.objectInfo == NULL) { - object->obj.objectInfo = (void *)crl; - object->obj.infoFree = (PK11Free) pk11_FreeItem; - } else { - if (crl) SECITEM_FreeItem(crl,PR_TRUE); - } - return url; -} - static NSSLOWCERTCertificate * pk11_getCert(PK11TokenObject *object) { @@ -991,7 +968,7 @@ trust: static PK11Attribute * pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) { - SECItem *crl; + certDBEntryRevocation *crl; char *url; switch (type) { 
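Review bot: In pk11_getCrl the context line `isKrl = (PRBool) object->obj.handle == PK11_TOKEN_KRL_HANDLE;` applies the cast to `object->obj.handle` alone, because a cast binds tighter than `==`. The handle is converted to PRBool before the comparison, which gives the intended answer only if that conversion preserves the value; the result selects between the CRL and KRL lookup in `nsslowcert_FindCrlByKey`. pk11_FindCrlAttribute writes the same test with parentheses around the comparison, so `isKrl = (PRBool)(object->obj.handle == PK11_TOKEN_KRL_HANDLE);` would make the two agree. The line predates this commit, but the rewritten function still depends on it.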
@@ -1001,19 +978,23 @@ pk11_FindCrlAttribute(PK11TokenObject *object, CK_ATTRIBUTE_TYPE type) case CKA_NETSCAPE_KRL: return (PK11Attribute *) ((object->obj.handle == PK11_TOKEN_KRL_HANDLE) ? &pk11_StaticTrueAttr : &pk11_StaticFalseAttr); + case CKA_SUBJECT: + return pk11_NewTokenAttribute(type,object->dbKey.data, + object->dbKey.len, PR_FALSE); + default: + break; + } + crl = pk11_getCrl(object); + switch (type) { case CKA_NETSCAPE_URL: - url = pk11_getUrl(object); if (url == NULL) { return (PK11Attribute *) &pk11_StaticNullAttr; } - return pk11_NewTokenAttribute(type, url, PORT_Strlen(url)+1, PR_TRUE); + return pk11_NewTokenAttribute(type, crl->url, + PORT_Strlen(crl->url)+1, PR_TRUE); case CKA_VALUE: - crl = pk11_getCrl(object); - if (crl == NULL) break; - return pk11_NewTokenAttribute(type, crl->data, crl->len, PR_FALSE); - case CKA_SUBJECT: - return pk11_NewTokenAttribute(type,object->dbKey.data, - object->dbKey.len, PR_FALSE); + return pk11_NewTokenAttribute(type, crl->derCrl.data, + crl->derCrl.len, PR_FALSE); default: break; }
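Review bot: The `CKA_NETSCAPE_URL` case still tests `url`, which nothing assigns now that `url = pk11_getUrl(object);` is gone, so the check reads an uninitialized pointer; it should be `if (crl->url == NULL) {`, and the `char *url;` declaration kept by the previous hunk can be dropped. The result of `pk11_getCrl(object)` is also dereferenced unchecked in both the URL and `CKA_VALUE` cases, although pk11_getCrl returns NULL for a wrong object class and otherwise returns whatever the database lookup produced; the removed `if (crl == NULL) break;` used to cover the value path. Guard the second switch with `if (crl != NULL)` so a failed lookup falls through to the code after it, which is outside the hunk.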