mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-10 03:45:46 +00:00
Bug 211384: fixed the bug that importing a CRL that already exists in the
DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we should not obtain a slot reference because PK11_FindCrlByName already obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
This commit is contained in:
parent
b290411a4b
commit
485a88c60e
@ -34,7 +34,7 @@
|
||||
/*
|
||||
* Moved from secpkcs7.c
|
||||
*
|
||||
* $Id: crl.c,v 1.33 2003/03/04 22:34:56 relyea%netscape.com Exp $
|
||||
* $Id: crl.c,v 1.34 2003/07/08 18:41:25 wtc%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include "cert.h"
|
||||
@ -575,10 +575,6 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
|
||||
return SECFailure;
|
||||
}
|
||||
|
||||
if (slot) {
|
||||
PK11_ReferenceSlot(slot);
|
||||
}
|
||||
|
||||
/* XXX it would be really useful to be able to fetch the CRL directly into an
|
||||
arena. This would avoid a copy later on in the decode step */
|
||||
PORT_SetError(0);
|
||||
@ -593,6 +589,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
|
||||
goto loser;
|
||||
}
|
||||
PORT_Assert(crlHandle != CK_INVALID_HANDLE);
|
||||
/* PK11_FindCrlByName obtained a slot reference. */
|
||||
|
||||
crl = CERT_DecodeDERCrlWithFlags(NULL, derCrl, type, decodeoptions);
|
||||
if (crl) {
|
||||
@ -610,11 +607,11 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
|
||||
PORT_Free(url);
|
||||
}
|
||||
|
||||
loser:
|
||||
if (slot) {
|
||||
PK11_FreeSlot(slot);
|
||||
}
|
||||
|
||||
loser:
|
||||
if (derCrl) {
|
||||
/* destroy the DER, unless a decoded CRL was returned with DER
|
||||
allocated on the heap. This is solely for cache purposes */
|
||||
|
@ -3776,10 +3776,14 @@ loser:
|
||||
PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
|
||||
return NULL;
|
||||
}
|
||||
*slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
|
||||
*crlHandle = crl->object.instances[0]->handle;
|
||||
if (crl->url) {
|
||||
*url = PORT_Strdup(crl->url);
|
||||
if (!*url) {
|
||||
nssCRL_Destroy(crl);
|
||||
return NULL;
|
||||
}
|
||||
} else {
|
||||
*url = NULL;
|
||||
}
|
||||
rvItem = SECITEM_AllocItem(NULL, NULL, crl->encoding.size);
|
||||
if (!rvItem) {
|
||||
@ -3788,6 +3792,8 @@ loser:
|
||||
return NULL;
|
||||
}
|
||||
memcpy(rvItem->data, crl->encoding.data, crl->encoding.size);
|
||||
*slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
|
||||
*crlHandle = crl->object.instances[0]->handle;
|
||||
nssCRL_Destroy(crl);
|
||||
return rvItem;
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user