Closed
Bug 165859
Opened 22 years ago
Closed 22 years ago
Double free on error path in nssTrustDomain_FindCertificateByIssuerAndSerialNumber
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.6
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(1 file)
771 bytes,
patch
|
bugz
:
review+
|
Details | Diff | Splinter Review |
In trustdomain.c, function nssTrustDomain_FindCertificateByIssuerAndSerialNumber, 'collection' may be destroyed twice if the nssPKIObjectCollection_GetCertificates call fails. Here is the code fragment: if (collection) { (void)nssPKIObjectCollection_GetCertificates(collection, &rvCert, 1, NULL); nssPKIObjectCollection_Destroy(collection); if (!rvCert) { goto loser; } } nssSlotArray_Destroy(slots); return rvCert; loser: if (collection) { nssPKIObjectCollection_Destroy(collection); } if (slots) { nssSlotArray_Destroy(slots); } return (NSSCertificate *)NULL;
Assignee | ||
Comment 1•22 years ago
|
||
Assignee | ||
Comment 2•22 years ago
|
||
Fix checked into the tip. This bug seems to have been introduced in NSS 3.5.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.6
Updated•22 years ago
|
Attachment #97367 -
Flags: review+
You need to log in
before you can comment on or make changes to this bug.
Description
•