The default bug view has changed. See this FAQ.

need to destroy data pointed by CERTValOutParam array in case of error

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
normal
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX NSS312)

Attachments

(1 attachment)

1.60 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Assignee)

Description

9 years ago
In case of returned error, a caller of CERT_PKIXVerifyCert does not expect any data to be in CERTValOutParam that otherwise would be related to "normal" execution result. It means that CERT_PKIXVerifyCert should destroy any data pointers that was set before error has occurred.
(Assignee)

Updated

9 years ago
Priority: -- → P1
Whiteboard: PKIX NSS312
(Assignee)

Comment 1

9 years ago
Created attachment 312327 [details] [diff] [review]
Destroy output params in case of error
Attachment #312327 - Flags: review?(nelson)
Comment on attachment 312327 [details] [diff] [review]
Destroy output params in case of error

r+ with one change:

>     if (error != NULL) {
>         SECErrorCodes         nssErrorCode = 0;
> 
>+        cert_pkixDestroyValOutParam(paramsOut);
>         cert_PkixErrorToNssCode(error, &nssErrorCode, plContext);
>         PORT_SetError(nssErrorCode);
>         PKIX_PL_Object_DecRef((PKIX_PL_Object *)error, plContext);
>-        /* XXX Destroy output params in case of error. See bug 425516. */
>     }

The new function should be inserted AFTER the call to cert_PkixErrorToNssCode
and BEFORE the call to PORT_SetError.
Attachment #312327 - Flags: review?(nelson) → review+
(Assignee)

Comment 3

9 years ago
> The new function should be inserted AFTER the call to cert_PkixErrorToNssCode
> and BEFORE the call to PORT_SetError.
Right. Thanks, Nelson. 

(Assignee)

Comment 4

9 years ago
Patch is integrated.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.