need to destroy data pointed by CERTValOutParam array in case of error

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX NSS312)

Attachments

(1 attachment)

1.60 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Assignee)

Description

9 years ago
In case of returned error, a caller of CERT_PKIXVerifyCert does not expect any data to be in CERTValOutParam that otherwise would be related to "normal" execution result. It means that CERT_PKIXVerifyCert should destroy any data pointers that was set before error has occurred.
(Assignee)

Updated

9 years ago
Priority: -- → P1
Whiteboard: PKIX NSS312
(Assignee)

Comment 1

9 years ago
Created attachment 312327 [details] [diff] [review]
Destroy output params in case of error
Attachment #312327 - Flags: review?(nelson)
Comment on attachment 312327 [details] [diff] [review]
Destroy output params in case of error

r+ with one change:

>     if (error != NULL) {
>         SECErrorCodes         nssErrorCode = 0;
> 
>+        cert_pkixDestroyValOutParam(paramsOut);
>         cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
>         PORT_SetError(nssErrorCode);
>         PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
>-        /* XXX Destroy output params in case of error. See bug 425516. */
>     }

The new function should be inserted AFTER the call to cert_PkixErrorToNssCode
and BEFORE the call to PORT_SetError.
Attachment #312327 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

9 years ago
> The new function should be inserted AFTER the call to cert_PkixErrorToNssCode
> and BEFORE the call to PORT_SetError.
Right. Thanks, Nelson. 

(Assignee)

Comment 4

9 years ago
Patch is integrated.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.