Memory leak in CERT_FindCertIssuer

RESOLVED FIXED in 3.6.1

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: kaie, Assigned: Robert Relyea)

Details

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
Reproduce using the procedure in bug 176666.

Function CERT_FindCertIssuer creates a leak for some certificates only.
For example, if the certdb contains a permanent copy of the cert from
https://www.kuix.de, after a call to CERT_FindCertIssuer, the passed-in cert has
its reference count increased by one.

The cause is: Even if no issuer is found, NSSCertificate_BuildChain returns a
chain with the original in it. However, CERT_FindCertIssuer does not free this
reference and returns NULL.

The fix is to add
  if (chain[0]) {
    CERT_DestroyCertificate(cert);
  }
just in front of
  PORT_SetError (SEC_ERROR_UNKNOWN_ISSUER);
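
A simplified model of the leak described in the report above, added here as an illustration; it is not NSS code and not part of the original report. All `mock_` names and the two `refs_after_*` helpers are hypothetical, and the success-path handling is an assumption made so the model is complete.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for illustration; these are not NSS types or functions. */
typedef struct { int refcount; } mock_cert;

static mock_cert *mock_ref(mock_cert *c) { c->refcount++; return c; }
static void mock_destroy(mock_cert *c) { if (c) c->refcount--; }

/* Models the behaviour described in the report: chain[0] always holds a new
 * reference to the subject, even when no issuer is found (chain[1] == NULL). */
static int mock_build_chain(mock_cert *subject, mock_cert *issuer, mock_cert *chain[2]) {
    chain[0] = mock_ref(subject);
    chain[1] = issuer ? mock_ref(issuer) : NULL;
    return issuer ? 0 : -1;
}

/* use_fix == 0: error path as reported; use_fix == 1: error path with the proposed release. */
static mock_cert *mock_find_issuer(mock_cert *subject, mock_cert *issuer, int use_fix) {
    mock_cert *chain[2] = { NULL, NULL };
    if (mock_build_chain(subject, issuer, chain) == 0) {
        mock_destroy(chain[0]);      /* assumed success path: keep only the issuer reference */
        return chain[1];
    }
    if (use_fix && chain[0]) {
        mock_destroy(chain[0]);      /* the release the report proposes */
    }
    return NULL;                     /* without the release, chain[0]'s reference is lost */
}

/* Subject's reference count after one failed lookup; the caller holds 1 going in. */
int refs_after_failed_lookup(int use_fix) {
    mock_cert subject = { 1 };
    mock_cert *found = mock_find_issuer(&subject, NULL, use_fix);
    return found == NULL ? subject.refcount : -1;
}

/* Subject's count after a successful lookup, to confirm the fix leaves that path alone. */
int refs_after_successful_lookup(int use_fix) {
    mock_cert subject = { 1 }, issuer = { 1 };
    mock_cert *found = mock_find_issuer(&subject, &issuer, use_fix);
    return (found == &issuer && issuer.refcount == 2) ? subject.refcount : -1;
}

int main(void) {
    printf("failed lookup, unpatched: %d refs\n", refs_after_failed_lookup(0));
    printf("failed lookup, patched:   %d refs\n", refs_after_failed_lookup(1));
    return 0;
}
```

Because the function returns NULL on this path, the caller has no handle through which to release the extra reference, so each failed lookup pins the certificate for the life of the process.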
(Reporter)

Comment 1

15 years ago
The described change fixes bug 176666.
Blocks: 176666

Comment 2

15 years ago
Assigned the bug to Bob.

Kai, this is the current NSS_CLIENT_TAG, not the
MOZILLA_1_0_BRANCH, right?
Assignee: wtc → relyea
Priority: -- → P1
Whiteboard: [3.6.1]
Target Milestone: --- → 3.7

Comment 3

15 years ago
Created attachment 104151
free cert on error path


Good catch, Kai.  I went ahead and made the patch.
(Reporter)

Comment 4

15 years ago
> this is the current NSS_CLIENT_TAG, not the MOZILLA_1_0_BRANCH, right

Yes, I saw the bug on the NSS_CLIENT_TAG.
But I guess it is in MOZILLA_1_0_BRANCH, too.
(Reporter)

Comment 5

15 years ago
Comment on attachment 104151
free cert on error path

r=kaie
Attachment #104151 - Flags: review+

Comment 6

15 years ago
Set the version to 3.6 (the current NSS_CLIENT_TAG).
If we verify the bug is also in the MOZILLA_1_0_BRANCH,
the version should be changed to 3.5.
Version: unspecified → 3.6
(Reporter)

Updated

15 years ago
Blocks: 177260
(Reporter)

Comment 7

15 years ago
I can see the same code on the 1.0 branch, setting version as suggested.

The patch works for me, please land it on the NSS_3_6_BRANCH.
Thanks.
Version: 3.6 → 3.5
(Assignee)

Comment 8

15 years ago
This patch has now been checked into the tip. It has not been checked into the
3.6 or 3.5 branches.

Comment 9

15 years ago
The patch has been checked into the 3.6 branch.
Set the target milestone to 3.6.1 and marked the
bug fixed.
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Whiteboard: [3.6.1]
Target Milestone: 3.7 → 3.6.1