need to destroy data pointed by CERTValOutParam array in case of error

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX NSS312)

Attachments

(1 attachment)

(Assignee)

Description

10 years ago
In case of returned error, a caller of CERT_PKIXVerifyCert does not expect any data to be in CERTValOutParam that otherwise would be related to "normal" execution result. It means that CERT_PKIXVerifyCert should destroy any data pointers that was set before error has occurred.
(Assignee)

Updated

10 years ago
Priority: -- → P1
Whiteboard: PKIX NSS312
(Assignee)

Comment 1

10 years ago
Created attachment 312327 [details] [diff] [review]
Destroy output params in case of error
Attachment #312327 - Flags: review?(nelson)
Comment on attachment 312327 [details] [diff] [review]
Destroy output params in case of error

r+ with one change:

>     if (error != NULL) {
>         SECErrorCodes         nssErrorCode = 0;
> 
>+        cert_pkixDestroyValOutParam(paramsOut);
>         cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
>         PORT_SetError(nssErrorCode);
>         PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
>-        /* XXX Destroy output params in case of error. See bug 425516. */
>     }

The new function should be inserted AFTER the call to cert_PkixErrorToNssCode
and BEFORE the call to PORT_SetError.
Attachment #312327 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

10 years ago
> The new function should be inserted AFTER the call to cert_PkixErrorToNssCode
> and BEFORE the call to PORT_SetError.
Right. Thanks, Nelson. 

(Assignee)

Comment 4

10 years ago
Patch is integrated.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.