authorKamil Dudka <kdudka@redhat.com>2014-07-04 00:36:21 +0200
committerKamil Dudka <kdudka@redhat.com>2014-07-04 00:37:40 +0200
commitcaa4db8a51e2b02e43ee85e63bc3fec232986699 (patch)
treee9dd8bc02a304e490fbfa63a7da3f5f5eb8e6393
parent2968f957aa025003d15a4fa42c3138e99c6d2e3f (diff)
nss: make crl_der allocated on heap
... and spell it as crl_der instead of crlDER
-rw-r--r--lib/vtls/nss.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index afe498b1a..d22c9a9d9 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
}
/* add given CRL to cache if it is not already there */
-static SECStatus nss_cache_crl(SECItem *crlDER)
+static CURLcode nss_cache_crl(SECItem *crl_der)
{
CERTCertDBHandle *db = CERT_GetDefaultCertDB();
- CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0);
+ CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
if(crl) {
/* CRL already cached */
SEC_DestroyCrl(crl);
- SECITEM_FreeItem(crlDER, PR_FALSE);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
return CURLE_SSL_CRL_BADFILE;
}
/* acquire lock before call of CERT_CacheCRL() */
PR_Lock(nss_crllock);
- if(SECSuccess != CERT_CacheCRL(db, crlDER)) {
+ if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
/* unable to cache CRL */
PR_Unlock(nss_crllock);
- SECITEM_FreeItem(crlDER, PR_FALSE);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
return CURLE_SSL_CRL_BADFILE;
}
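Review bot: The "CRL already cached" branch returns `CURLE_SSL_CRL_BADFILE`, the same code as the `CERT_CacheCRL()` failure below it, so a caller cannot tell a duplicate load from an unusable file. If loading the same CRL more than once is a legitimate case (for example a second transfer pointing at the same CRL file), that branch should probably end in `return CURLE_OK;`. Separately, with `PR_TRUE` the function now frees the SECItem itself on both early returns, so a comment above it such as `/* takes ownership of crl_der; the caller must not use or free it after the call */` would make the contract explicit. The success path lies outside this hunk, so what becomes of crl_der there is not visible here.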
@@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename)
PRFileDesc *infile;
PRFileInfo info;
SECItem filedata = { 0, NULL, 0 };
- SECItem crlDER = { 0, NULL, 0 };
+ SECItem *crl_der = NULL;
char *body;
infile = PR_Open(crlfilename, PR_RDONLY, 0);
@@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename)
if(info.size != PR_Read(infile, filedata.data, info.size))
goto fail;
+ crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
+ if(!crl_der)
+ goto fail;
+
/* place a trailing zero right after the visible data */
body = (char*)filedata.data;
body[--filedata.len] = '\0';
@@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename)
/* retrieve DER from ASCII */
*trailer = '\0';
- if(ATOB_ConvertAsciiToItem(&crlDER, begin))
+ if(ATOB_ConvertAsciiToItem(crl_der, begin))
goto fail;
SECITEM_FreeItem(&filedata, PR_FALSE);
}
else
/* assume DER */
- crlDER = filedata;
+ *crl_der = filedata;
PR_Close(infile);
- return nss_cache_crl(&crlDER);
+ return nss_cache_crl(crl_der);
fail:
PR_Close(infile);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
SECITEM_FreeItem(&filedata, PR_FALSE);
return CURLE_SSL_CRL_BADFILE;
}
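Review bot: In the DER branch, `*crl_der = filedata;` leaves two SECItems pointing at the same buffer, while the `fail:` label frees both `crl_der` and `&filedata`. No `goto fail` follows the copy in the visible lines, so nothing is freed twice today, but any error check added after it later would double-free; clearing the source right after the copy (`filedata.data = NULL;`, with braces around the `else` body) removes that hazard. The `fail:` label is also reached with `crl_der` still NULL when the read fails before the allocation, which relies on `SECITEM_FreeItem()` tolerating a NULL item; a short comment at the label would record that assumption. nss_load_crl begins outside this hunk.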