Bug 644070 - nsNSSCertificate::defaultServerNickname leaks in case of server name conflict; r=mayhemer

2024-09-13 09:24:08 -07:00 · 2011-03-27 15:09:32 -04:00 · 2011-03-27 15:09:32 -04:00 · ab717a320a
commit ab717a320a
parent b5f305985c
3 changed files with 16 additions and 10 deletions
--- a/security/manager/ssl/src/nsCertOverrideService.cpp
+++ b/security/manager/ssl/src/nsCertOverrideService.cpp
@ -513,22 +513,26 @@ nsCertOverrideService::RememberValidityOverride(const nsACString & aHostName, PR

  CERTCertificateCleaner nsscertCleaner(nsscert);

-  nsCAutoString nickname;
-  nickname = nsNSSCertificate::defaultServerNickname(nsscert);
-  if (!aTemporary && !nickname.IsEmpty())
+  char* nickname = nsNSSCertificate::defaultServerNickname(nsscert);
+  if (!aTemporary && nickname && *nickname)
  {
    PK11SlotInfo *slot = PK11_GetInternalKeySlot();
-    if (!slot)
-      return NS_ERROR_FAILURE;
-  
-    SECStatus srv = PK11_ImportCert(slot, nsscert, CK_INVALID_HANDLE, 
-                                    const_cast<char*>(nickname.get()), PR_FALSE);
-    PK11_FreeSlot(slot);
-  
-    if (srv != SECSuccess)
+    if (!slot) {
+      PR_Free(nickname);
      return NS_ERROR_FAILURE;
    }
  
+    SECStatus srv = PK11_ImportCert(slot, nsscert, CK_INVALID_HANDLE, 
+                                    nickname, PR_FALSE);
+    PK11_FreeSlot(slot);
+  
+    if (srv != SECSuccess) {
+      PR_Free(nickname);
+      return NS_ERROR_FAILURE;
+    }
+  }
+  PR_FREEIF(nickname);
+
  nsCAutoString fpStr;
  nsresult rv = GetCertFingerprintByOidTag(nsscert, 
                  mOidTagForStoringNewHashes, fpStr);
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@ -1099,16 +1099,16 @@ SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
        }

        // We have found a signer cert that we want to remember.
-        nsCAutoString nickname;
-        nickname = nsNSSCertificate::defaultServerNickname(node->cert);
-        if (!nickname.IsEmpty()) {
+        char* nickname = nsNSSCertificate::defaultServerNickname(node->cert);
+        if (nickname && *nickname) {
          PK11SlotInfo *slot = PK11_GetInternalKeySlot();
          if (slot) {
            PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE, 
-                            const_cast<char*>(nickname.get()), PR_FALSE);
+                            nickname, PR_FALSE);
            PK11_FreeSlot(slot);
          }
        }
+        PR_FREEIF(nickname);
      }

      CERT_DestroyCertList(certList);
--- a/security/manager/ssl/src/nsNSSCertificate.h
+++ b/security/manager/ssl/src/nsNSSCertificate.h
@ -85,6 +85,8 @@ public:
  static nsNSSCertificate* Create(CERTCertificate *cert = nsnull);
  static nsNSSCertificate* ConstructFromDER(char *certDER, int derLen);

+  // It is the responsibility of the caller of this method to free the returned
+  // string using PR_Free.
  static char* defaultServerNickname(CERTCertificate* cert);

 private: