Bug 211384: fixed the bug that importing a CRL that already exists in the

DB causes NSS_Shutdown to fail.  Two files were changed.  1. crl.c: we
should not obtain a slot reference because PK11_FindCrlByName already
obtained a slot reference.  2. pk11cert.c: cleaned up code and fixed a slot
reference leak if the SECITEM_AllocItem call fails.  r=nelsonb.
wtc%netscape.com 2003-07-08 18:41:28 +00:00
parent b290411a4b
commit 485a88c60e
2 changed files with 11 additions and 8 deletions


@ -34,7 +34,7 @@
/*
* Moved from secpkcs7.c
*
* $Id: crl.c,v 1.33 2003/03/04 22:34:56 relyea%netscape.com Exp $
* $Id: crl.c,v 1.34 2003/07/08 18:41:25 wtc%netscape.com Exp $
*/
#include "cert.h"
@ -575,10 +575,6 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
return SECFailure;
}
if (slot) {
PK11_ReferenceSlot(slot);
}
/* XXX it would be really useful to be able to fetch the CRL directly into an
arena. This would avoid a copy later on in the decode step */
PORT_SetError(0);
@ -593,6 +589,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
goto loser;
}
PORT_Assert(crlHandle != CK_INVALID_HANDLE);
/* PK11_FindCrlByName obtained a slot reference. */
crl = CERT_DecodeDERCrlWithFlags(NULL, derCrl, type, decodeoptions);
if (crl) {
@ -610,11 +607,11 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
PORT_Free(url);
}
loser:
if (slot) {
PK11_FreeSlot(slot);
}
loser:
if (derCrl) {
/* destroy the DER, unless a decoded CRL was returned with DER
allocated on the heap. This is solely for cache purposes */
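Review bot: With `loser:` moved below the `PK11_FreeSlot(slot)` block, the early `goto loser` no longer releases a slot, which is balanced only if PK11_FindCrlByName holds no slot reference on any NULL return; the added comment records the success case alone. The pk11cert.c section of this commit reorders that function so the reference is taken last, but the coupling is not written down at either site. I would state it above the `if (slot)` block, e.g. `/* skipped by goto loser: a failed PK11_FindCrlByName holds no slot reference */`. A count that drifts upward is the NSS_Shutdown failure described in the commit message, and one that drifts downward would release a slot that is still in use. The function body starts and ends outside these hunks, so how `slot` is handed to the decoded CRL is not visible here.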


@ -3776,10 +3776,14 @@ loser:
PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
return NULL;
}
*slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
*crlHandle = crl->object.instances[0]->handle;
if (crl->url) {
*url = PORT_Strdup(crl->url);
if (!*url) {
nssCRL_Destroy(crl);
return NULL;
}
} else {
*url = NULL;
}
rvItem = SECITEM_AllocItem(NULL, NULL, crl->encoding.size);
if (!rvItem) {
@ -3788,6 +3792,8 @@ loser:
return NULL;
}
memcpy(rvItem->data, crl->encoding.data, crl->encoding.size);
*slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
*crlHandle = crl->object.instances[0]->handle;
nssCRL_Destroy(crl);
return rvItem;
#endif
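Review bot: The `!rvItem` cleanup falls in the gap between the two hunks, so it cannot be confirmed from here that it frees the duplicated `*url` and resets it to NULL; the new PORT_Strdup failure return leaves `*url` NULL, and the allocation-failure return should leave the caller in the same state. If the hidden lines only free the string, I would make them `if (*url) { PORT_Free(*url); *url = NULL; }` so that no caller sees a dangling pointer after a NULL return. The section also closes on `#endif`, so another preprocessor branch of this function lies outside the view and should be checked for the same take-the-reference-last ordering. The function starts outside the hunk.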