aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2014-12-27 20:50:14 +0000
committerSteve Holme <steve_holme@hotmail.com>2014-12-27 21:25:41 +0000
commit0943045108bbf4a59d93732a0453df834cff8353 (patch)
tree09612191dd9e0d0afc40ff6c966064c35fbd35d6 /lib
parentb235c2936677cad58ea72c4556eff3488ae0d9d1 (diff)
nss: Don't ignore Curl_ssl_init_certinfo() OOM failure
Diffstat (limited to 'lib')
-rw-r--r--lib/vtls/nss.c29
1 files changed, 17 insertions, 12 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 9a5b4f085..309edbe62 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -725,8 +725,9 @@ static void display_cert_info(struct SessionHandle *data,
PR_Free(common_name);
}
-static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
+static CURLcode display_conn_info(struct connectdata *conn, PRFileDesc *sock)
{
+ CURLcode result = CURLE_OK;
SSLChannelInfo channel;
SSLCipherSuiteInfo suite;
CERTCertificate *cert;
@@ -745,7 +746,6 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
}
cert = SSL_PeerCertificate(sock);
-
if(cert) {
infof(conn->data, "Server certificate:\n");
@@ -770,21 +770,24 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
cert2 = cert3;
}
}
- Curl_ssl_init_certinfo(conn->data, i);
- for(i = 0; cert; cert = cert2) {
- Curl_extract_certinfo(conn, i++, (char *)cert->derCert.data,
- (char *)cert->derCert.data + cert->derCert.len);
- if(cert->isRoot) {
+
+ result = Curl_ssl_init_certinfo(conn->data, i);
+ if(!result) {
+ for(i = 0; cert; cert = cert2) {
+ Curl_extract_certinfo(conn, i++, (char *)cert->derCert.data,
+ (char *)cert->derCert.data + cert->derCert.len);
+ if(cert->isRoot) {
+ CERT_DestroyCertificate(cert);
+ break;
+ }
+ cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
CERT_DestroyCertificate(cert);
- break;
}
- cert2 = CERT_FindCertIssuer(cert, now, certUsageSSLCA);
- CERT_DestroyCertificate(cert);
}
}
}
- return;
+ return result;
}
static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
@@ -1694,7 +1697,9 @@ static CURLcode nss_do_connect(struct connectdata *conn, int sockindex)
goto error;
}
- display_conn_info(conn, connssl->handle);
+ result = display_conn_info(conn, connssl->handle);
+ if(result)
+ goto error;
if(data->set.str[STRING_SSL_ISSUERCERT]) {
SECStatus ret = SECFailure;