author | Kamil Dudka <kdudka@redhat.com> | 2014-07-04 00:36:21 +0200 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2014-07-04 00:37:40 +0200 |
commit | caa4db8a51e2b02e43ee85e63bc3fec232986699 (patch) | |
tree | e9dd8bc02a304e490fbfa63a7da3f5f5eb8e6393 /lib | |
parent | 2968f957aa025003d15a4fa42c3138e99c6d2e3f (diff) |
nss: make crl_der allocated on heap
... and spell it as crl_der instead of crlDER
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/nss.c | 23 |
1 files changed, 14 insertions, 9 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index afe498b1a..d22c9a9d9 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
 }
 /* add given CRL to cache if it is not already there */
-static SECStatus nss_cache_crl(SECItem *crlDER)
+static CURLcode nss_cache_crl(SECItem *crl_der)
 {
 CERTCertDBHandle *db = CERT_GetDefaultCertDB();
- CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0);
+ CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
 if(crl) {
 /* CRL already cached */
 SEC_DestroyCrl(crl);
- SECITEM_FreeItem(crlDER, PR_FALSE);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
 return CURLE_SSL_CRL_BADFILE;
 }
 /* acquire lock before call of CERT_CacheCRL() */
 PR_Lock(nss_crllock);
- if(SECSuccess != CERT_CacheCRL(db, crlDER)) {
+ if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
 /* unable to cache CRL */
 PR_Unlock(nss_crllock);
- SECITEM_FreeItem(crlDER, PR_FALSE);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
 return CURLE_SSL_CRL_BADFILE;
 }
@@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename)
 PRFileDesc *infile;
 PRFileInfo info;
 SECItem filedata = { 0, NULL, 0 };
- SECItem crlDER = { 0, NULL, 0 };
+ SECItem *crl_der = NULL;
 char *body;
 infile = PR_Open(crlfilename, PR_RDONLY, 0);
@@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename)
 if(info.size != PR_Read(infile, filedata.data, info.size))
 goto fail;
+ crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
+ if(!crl_der)
+ goto fail;
+
 /* place a trailing zero right after the visible data */
 body = (char*)filedata.data;
 body[--filedata.len] = '\0';
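Review bot: In nss_cache_crl() (first hunk), the `/* CRL already cached */` branch returns `CURLE_SSL_CRL_BADFILE`, so with the return type now `CURLcode` a CRL that is already in the cache is reported to the caller as a bad CRL file. The comment above the function says the CRL is added only if it is not already there, which suggests this case is not meant to be an error; if so, the branch should end with `return CURLE_OK;`. Separately, the function now releases the heap-allocated item with `PR_TRUE` on both visible early returns, but its success path lies outside the hunk, so a header comment such as `/* takes ownership of crl_der; it is freed here on failure */` would help, along with confirming who owns the item after a successful CERT_CacheCRL().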
@@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename)
 /* retrieve DER from ASCII */
 *trailer = '\0';
- if(ATOB_ConvertAsciiToItem(&crlDER, begin))
+ if(ATOB_ConvertAsciiToItem(crl_der, begin))
 goto fail;
 SECITEM_FreeItem(&filedata, PR_FALSE);
 }
 else
 /* assume DER */
- crlDER = filedata;
+ *crl_der = filedata;
 PR_Close(infile);
- return nss_cache_crl(&crlDER);
+ return nss_cache_crl(crl_der);
 fail:
 PR_Close(infile);
+ SECITEM_FreeItem(crl_der, PR_TRUE);
 SECITEM_FreeItem(&filedata, PR_FALSE);
 return CURLE_SSL_CRL_BADFILE;
 } |
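Review bot: After `*crl_der = filedata;` in the DER branch both items point at the same buffer, and the `fail:` label now frees `crl_der` as well as `filedata`. No `goto fail` follows the copy in the visible lines, so nothing is freed twice today, but a later edit that adds one would be; a comment on the assignment, `/* filedata.data is now owned by crl_der; no goto fail past this point */`, would record that. The `fail:` path is also reached with `crl_der` still NULL (the `PR_Read` check in the previous hunk jumps there before the allocation), so the added `SECITEM_FreeItem(crl_der, PR_TRUE)` relies on that function accepting a NULL item. nss_load_crl() starts outside the hunk.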