From caa4db8a51e2b02e43ee85e63bc3fec232986699 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Fri, 4 Jul 2014 00:36:21 +0200 Subject: nss: make crl_der allocated on heap ... and spell it as crl_der instead of crlDER --- lib/vtls/nss.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index afe498b1a..d22c9a9d9 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, } /* add given CRL to cache if it is not already there */ -static SECStatus nss_cache_crl(SECItem *crlDER) +static CURLcode nss_cache_crl(SECItem *crl_der) { CERTCertDBHandle *db = CERT_GetDefaultCertDB(); - CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0); + CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0); if(crl) { /* CRL already cached */ SEC_DestroyCrl(crl); - SECITEM_FreeItem(crlDER, PR_FALSE); + SECITEM_FreeItem(crl_der, PR_TRUE); return CURLE_SSL_CRL_BADFILE; } /* acquire lock before call of CERT_CacheCRL() */ PR_Lock(nss_crllock); - if(SECSuccess != CERT_CacheCRL(db, crlDER)) { + if(SECSuccess != CERT_CacheCRL(db, crl_der)) { /* unable to cache CRL */ PR_Unlock(nss_crllock); - SECITEM_FreeItem(crlDER, PR_FALSE); + SECITEM_FreeItem(crl_der, PR_TRUE); return CURLE_SSL_CRL_BADFILE; } @@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename) PRFileDesc *infile; PRFileInfo info; SECItem filedata = { 0, NULL, 0 }; - SECItem crlDER = { 0, NULL, 0 }; + SECItem *crl_der = NULL; char *body; infile = PR_Open(crlfilename, PR_RDONLY, 0); @@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename) if(info.size != PR_Read(infile, filedata.data, info.size)) goto fail; + crl_der = SECITEM_AllocItem(NULL, NULL, 0U); + if(!crl_der) + goto fail; + /* place a trailing zero right after the visible data */ body = (char*)filedata.data; body[--filedata.len] = '\0'; @@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename) /* retrieve DER from ASCII */ *trailer = '\0'; - if(ATOB_ConvertAsciiToItem(&crlDER, begin)) + if(ATOB_ConvertAsciiToItem(crl_der, begin)) goto fail; SECITEM_FreeItem(&filedata, PR_FALSE); } else /* assume DER */ - crlDER = filedata; + *crl_der = filedata; PR_Close(infile); - return nss_cache_crl(&crlDER); + return nss_cache_crl(crl_der); fail: PR_Close(infile); + SECITEM_FreeItem(crl_der, PR_TRUE); SECITEM_FreeItem(&filedata, PR_FALSE); return CURLE_SSL_CRL_BADFILE; } -- cgit v1.2.3