586953 - CERT_FormatName leaks everything if it can't PORT_Alloc for buf

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P3)

Description

[timeless]

...
                email = CERT_DecodeAVAValue(&ava->value);
                if (!email) {
                        goto loser;
...
    buf = (char *)PORT_Alloc(len);
    if ( !buf ) {
        return(0);
...
loser:
...
    if ( email ) {
        SECITEM_FreeItem(email, PR_TRUE);
    }
...
    return(buf);

Comment 1

[timeless]

Attachment: patch

Comment 2

[Nelson Bolyard (seldom reads bugmail)]

Comment on attachment 465624 [details] [diff] [review]
patch

r=nelson, to commit later.

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

I'm pretty sure this function is not used by anyone anywhere, but it is 
a public exported function of the shared lib, so we can't just nuke it.

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

Checking in certhigh/certhtml.c; new revision: 1.9; previous revision: 1.8

Comment 5

[Nelson Bolyard (seldom reads bugmail)]

Mass checkin of Timeless's coverity fixes on 3.12 branch:

cmd/lib/secutil.c;           new revision: 1.99.2.1; previous revision: 1.99
cmd/lib/secutil.h;           new revision: 1.32.2.1; previous revision: 1.32
cmd/certutil/certutil.c;     new revision: 1.149.2.1; previous revision: 1.149
lib/certhigh/certhtml.c;     new revision: 1.8.66.1; previous revision: 1.8
lib/certhigh/certreq.c;      new revision: 1.8.56.1; previous revision: 1.8
lib/jar/jar.h;               new revision: 1.6.4.1; previous revision: 1.6
lib/smime/cmssiginfo.c;      new revision: 1.32.2.1; previous revision: 1.32
lib/pk11wrap/debug_module.c; new revision: 1.15.2.1; previous revision: 1.15
lib/crmf/servget.c;          new revision: 1.5.66.1; previous revision: 1.5