The CERTSignedCrl* objects returned by the function SEC_LookupCrls do not have a slot pointer set or CK_OBJECT_HANDLE. This means that if you want to do things like deleting one of them, you can't just pass the pointer to SEC_DeletePermCRL. Instead, you need to look it up again, by extracting the DER issuer out of the CERTSignedCrl*, then doing a SEC_FindCrlByName on it to get a second CERTSignedCrl*. This is done for example in PSM currently and I also had to do the same thing in crlutil to implement the -E option that erases all CRLs from the cert database. This double-lookup is very inefficient, particularly in the light of bug #170835 : in this enumeration codepath, the CRL cache is currently not used. So, when you do the second lookup, the CRL ends up being decoded and allocated again. This can be very bad for large CRLs.
Not returning valid slot pointers and object handles seems like a bug. CRL issues seem like they're P2.