Last Comment Bug 176667 - Memory leak in CERT_FindCertIssuer
: Memory leak in CERT_FindCertIssuer
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.5
: All All
: P1 normal (vote)
: 3.6.1
Assigned To: Robert Relyea
: Bishakha Banerjee
Depends on:
Blocks: 176666 177260
  Show dependency treegraph
Reported: 2002-10-25 02:35 PDT by Kai Engert (:kaie)
Modified: 2002-11-26 14:59 PST (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

free cert on error path (547 bytes, patch)
2002-10-25 08:56 PDT, Ian McGreer
kaie: review+
Details | Diff | Splinter Review

Description Kai Engert (:kaie) 2002-10-25 02:35:21 PDT
Reproduce using the procedure in bug 176666.

Function CERT_FindCertIssuer creates a leak for some certificates only.
For example, if the certdb contains a permanent copy of the cert from, after a call to CERT_FindCertIssuer, the passed in cert has
a reference count increased by one.

The cause is: Even if no issuer is found, NSSCertificate_BuildChain returns a
chain with the original in it. However, CERT_FindCertIssuer does not free this
reference and returns NULL.

The fix is to add
  if (chain[0]) {
just in front of
Comment 1 Kai Engert (:kaie) 2002-10-25 02:38:49 PDT
The described change fixes bug 176666.
Comment 2 Wan-Teh Chang 2002-10-25 07:00:13 PDT
Assigned the bug to Bob.

Kai, this is the current NSS_CLIENT_TAG, not the
MOZILLA_1_0_BRANCH, right?
Comment 3 Ian McGreer 2002-10-25 08:56:50 PDT
Created attachment 104151 [details] [diff] [review]
free cert on error path

Good catch, Kai.  I went ahead and made the patch.
Comment 4 Kai Engert (:kaie) 2002-10-31 01:06:24 PST
> this is the current NSS_CLIENT_TAG, not the MOZILLA_1_0_BRANCH, right

Yes, I saw the bug on the NSS_CLIENT_TAG.
But I guess it is in MOZILLA_1_0_BRANCH, too.
Comment 5 Kai Engert (:kaie) 2002-10-31 10:49:21 PST
Comment on attachment 104151 [details] [diff] [review]
free cert on error path

Comment 6 Wan-Teh Chang 2002-11-03 15:48:15 PST
Set the version to 3.6 (the current NSS_CLIENT_TAG).
If we verify the bug is also in the MOZILLA_1_0_BRANCH,
the version should be changed to 3.5.
Comment 7 Kai Engert (:kaie) 2002-11-04 04:53:42 PST
I can see the same code on the 1.0 branch, setting version as suggested.

The patch works for me, please land it on the NSS_3_6_BRANCH.
Comment 8 Robert Relyea 2002-11-08 11:21:52 PST
This patch has now been checked into the tip. It has not been checked into the
3.6 or 3.5 branches.
Comment 9 Wan-Teh Chang 2002-11-26 14:59:31 PST
The patch has been checked into the 3.6 branch.
Set the target milestone to 3.6.1 and marked the
bug fixed.

Note You need to log in before you can comment on or make changes to this bug.