1029151 - Remove dangerous public destructor of nsNSSCertificate

Status: RESOLVED FIXED

(Core :: Security, defect)

Description

[Benoit Jacob [:bjacob] (mostly away)]

In bug 1028588 we removed dangerous public destructors of XPCOM-refcounted classes outside of a finite whitelist, see HasDangerousPublicDestructor. Now we are going over the entries in this whitelist.

One of them is: nsNSSCertificate

Comment 1

[Andrew McCreight [:mccr8]]

Attachment: Remove dangerous public destructor of nsNSSCertificate.

try: https://tbpl.mozilla.org/?tree=Try&rev=daa327c18c40

Comment 2

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Comment on attachment 8464348 [details] [diff] [review]
Remove dangerous public destructor of nsNSSCertificate.

Review of attachment 8464348 [details] [diff] [review]:
-----------------------------------------------------------------

::: security/manager/ssl/src/nsClientAuthRemember.cpp
@@ +113,5 @@
>  
>    {
>      ReentrantMonitorAutoEnter lock(monitor);
>      if (aClientCert) {
> +      RefPtr<nsNSSCertificate> pipCert = new nsNSSCertificate(aClientCert);

Same question as with the other bug (i.e. maybe use this instead: 'RefPtr<nsNSSCertificate> pipCert(new nsNSSCertificate(aClientCert));')

::: security/manager/ssl/src/nsNSSCertificateDB.cpp
@@ +1239,5 @@
>    for (node = CERT_LIST_HEAD(certList);
>         !CERT_LIST_END(node, certList);
>         node = CERT_LIST_NEXT(node)) {
>      if (getCertType(node->cert) == type) {
> +      RefPtr<nsNSSCertificate> pipCert = new nsNSSCertificate(node->cert);

same

Comment 3

[Andrew McCreight [:mccr8]]

I don't know either, so I just changed it.

https://hg.mozilla.org/integration/mozilla-inbound/rev/7dc88a0988df

Comment 4

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/7dc88a0988df