wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity

Bug 644070 - nsNSSCertificate::defaultServerNickname leaks in case of server name conflict; r=mayhemer

Browse Source
This commit is contained in:
Ehsan Akhgari 2011-03-27 15:09:32 -04:00
parent b5f305985c
commit ab717a320a
3 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
security/manager/ssl/src/nsCertOverrideService.cpp
View File

@ -513,22 +513,26 @@ nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, PR
CERTCertificateCleaner nsscertCleaner(nsscert); CERTCertificateCleaner nsscertCleaner(nsscert);
nsCAutoString nickname; char* nickname = nsNSSCertificate::defaultServerNickname(nsscert);
nickname = nsNSSCertificate::defaultServerNickname(nsscert); if (!aTemporary && nickname && *nickname)
if (!aTemporary && !nickname.IsEmpty())
{ {
PK11SlotInfo *slot = PK11_GetInternalKeySlot(); PK11SlotInfo *slot = PK11_GetInternalKeySlot();
if (!slot) if (!slot) {
return NS_ERROR_FAILURE; PR_Free(nickname);
SECStatus srv = PK11_ImportCert(slot, nsscert, CK_INVALID_HANDLE,
const_cast<char*>(nickname.get()), PR_FALSE);
PK11_FreeSlot(slot);
if (srv != SECSuccess)
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
} }
SECStatus srv = PK11_ImportCert(slot, nsscert, CK_INVALID_HANDLE,
nickname, PR_FALSE);
PK11_FreeSlot(slot);
if (srv != SECSuccess) {
PR_Free(nickname);
return NS_ERROR_FAILURE;
}
}
PR_FREEIF(nickname);
nsCAutoString fpStr; nsCAutoString fpStr;
nsresult rv = GetCertFingerprintByOidTag(nsscert, nsresult rv = GetCertFingerprintByOidTag(nsscert,
mOidTagForStoringNewHashes, fpStr); mOidTagForStoringNewHashes, fpStr);

8
security/manager/ssl/src/nsNSSCallbacks.cpp
View File

@ -1099,16 +1099,16 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
} }
// We have found a signer cert that we want to remember. // We have found a signer cert that we want to remember.
nsCAutoString nickname; char* nickname = nsNSSCertificate::defaultServerNickname(node->cert);
nickname = nsNSSCertificate::defaultServerNickname(node->cert); if (nickname && *nickname) {
if (!nickname.IsEmpty()) {
PK11SlotInfo *slot = PK11_GetInternalKeySlot(); PK11SlotInfo *slot = PK11_GetInternalKeySlot();
if (slot) { if (slot) {
PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE, PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
const_cast<char*>(nickname.get()), PR_FALSE); nickname, PR_FALSE);
PK11_FreeSlot(slot); PK11_FreeSlot(slot);
} }
} }
PR_FREEIF(nickname);
} }
CERT_DestroyCertList(certList); CERT_DestroyCertList(certList);

2
security/manager/ssl/src/nsNSSCertificate.h
View File

@ -85,6 +85,8 @@ public:
static nsNSSCertificate* Create(CERTCertificate *cert = nsnull); static nsNSSCertificate* Create(CERTCertificate *cert = nsnull);
static nsNSSCertificate* ConstructFromDER(char *certDER, int derLen); static nsNSSCertificate* ConstructFromDER(char *certDER, int derLen);
// It is the responsibility of the caller of this method to free the returned
// string using PR_Free.
static char* defaultServerNickname(CERTCertificate* cert); static char* defaultServerNickname(CERTCertificate* cert);
private: private: