Bug 211384: fixed the bug that importing a CRL that already exists in…

… the DB causes NSS_Shutdown to fail. Two files were changed. 1. crl.c: we should not obtain a slot reference because PK11_FindCrlByName already obtained a slot reference. 2. pk11cert.c: cleaned up code and fixed a slot reference leak if the SECITEM_AllocItem call fails. r=nelsonb.
sailfishos-mirror · Jul 8, 2003 · 40a39b9 · 40a39b9
1 parent 5018729
commit 40a39b9
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 7 deletions.
diff --git a/security/nss/lib/certdb/crl.c b/security/nss/lib/certdb/crl.c
@@ -575,10 +575,6 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
         return SECFailure;
     }
 
-    if (slot) {
-	PK11_ReferenceSlot(slot);
-    }
-
     /* XXX it would be really useful to be able to fetch the CRL directly into an
        arena. This would avoid a copy later on in the decode step */
     PORT_SetError(0);
@@ -593,6 +589,7 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
 	goto loser;
     }
     PORT_Assert(crlHandle != CK_INVALID_HANDLE);
+    /* PK11_FindCrlByName obtained a slot reference. */
 
     crl = CERT_DecodeDERCrlWithFlags(NULL, derCrl, type, decodeoptions);
     if (crl) {
@@ -610,11 +607,11 @@ SEC_FindCrlByKeyOnSlot(PK11SlotInfo *slot, SECItem *crlKey, int type,
 	PORT_Free(url);
     }
 
-loser:
     if (slot) {
 	PK11_FreeSlot(slot);
     }
 
+loser:
     if (derCrl) {
         /* destroy the DER, unless a decoded CRL was returned with DER
            allocated on the heap. This is solely for cache purposes */

diff --git a/security/nss/lib/pk11wrap/pk11cert.c b/security/nss/lib/pk11wrap/pk11cert.c
@@ -3776,10 +3776,14 @@ PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *crlHandle,
 	PORT_SetError(SEC_ERROR_CRL_NOT_FOUND);
 	return NULL;
     }
-    *slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
-    *crlHandle = crl->object.instances[0]->handle;
     if (crl->url) {
 	*url = PORT_Strdup(crl->url);
+	if (!*url) {
+	    nssCRL_Destroy(crl);
+	    return NULL;
+	}
+    } else {
+	*url = NULL;
     }
     rvItem = SECITEM_AllocItem(NULL, NULL, crl->encoding.size);
     if (!rvItem) {
@@ -3788,6 +3792,8 @@ PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *crlHandle,
 	return NULL;
     }
     memcpy(rvItem->data, crl->encoding.data, crl->encoding.size);
+    *slot = PK11_ReferenceSlot(crl->object.instances[0]->token->pk11slot);
+    *crlHandle = crl->object.instances[0]->handle;
     nssCRL_Destroy(crl);
     return rvItem;
 #endif