If both cert->nickname and cert->emailAddr are NULL, certutil -L will crash passing a NULL to fprintf.
Checked in to NSS_3_4_BRANCH and the tip.
Are we sure that "(NULL)" is what we want to display when cert->emailAddr is NULL? Seems like the empty string "" would be better. Or do you want to indicate that it is a NULL pointer?
I wanted to indicate that it was a NULL pointer. This is not normal behavior for us to have NULL nicknames. It is likely to cause crashes in other applications, which is in fact how this problem was found. So I think it is useful for certutil to differentiate between an empty "" nickname and a NULL one.
Julien, Are you sure that it is not normal behavior for us to have NULL nicknames? When there is no nickname, do we use an empty string "" or a NULL pointer? Or is it an error to have no nickname in the first place?
No, I am not. Should this bug be reopened ? The patch only affects certutil output. The current behavior just makes it consistent with NT which has stdio displaying (NULL) when passing NULL pointers to fprintf, but on Solaris (and maybe on other platforms) it just crashes.
Julien, If it is not a bug for a cert to have both a NULL cert->nickname and a NULL cert->emailAddr, it is better to print nothing than to print "(NULL)". I don't know to answer to my question. Could you ask Bob or Nelson if they know? Thanks.
Every certificate in the DB should have either a "nickname" or an email address record (which is also used as a nickname). IMO, it is an error for a certificate in the DB to have neither. This is one of the things that the cert DB repair program used to fix.
Comment on attachment 82559 [details] [diff] [review] patch to display (NULL) Nelson, thanks for answering my question. Then I agree with Julien's fix for this crash.