619268 - Memory leaks in CERT_ChangeCertTrust and CERT_SaveSMimeProfile

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P2)

Description

[Ryan Sleevi]

Attachment: Patch fixing the issue

If either CERT_ChangeCertTrust or CERT_SaveSMimeProfile are called multiple times for the same certificate, and that certificate is not stored in a PKCS#11 module, then small leaks will happen when it makes it to the STAN DB.

The cause of this is that when assigning a trust setting or profile (nssCertificateStore_AddTrust or nssCertificateStore_AddSMIMEProfile), the existing NSSTrust/nssSMIMEProfile associated with the NSSCertificate is replaced, without dropping the reference that was previousl grabbed.

Because the arenas for both NSSTrust/nssSMIMEProfile are created on-demand when using CERT_ChangeCertTrust / CERT_SaveSMimeProfile, as opposed to being created in the same arena as the CERTCertificate/NSSCertificate, the underlying objects are lost and leaked.

Comment 1

[Wan-Teh Chang]

Attachment: Patch fixing the issue, v2, by Ryan Sleevi

Thanks for the patch.  I guess we can't simply fix this with
+    if (entry->trust) {
+        nssTrust_Destroy(entry->trust);
+    }
     entry->trust = nssTrust_AddRef(trust);
because if 'trust' is the same as 'entry->trust', we must
not drop the reference count to 0 by accident.

I edited your patch for coding style and checked it in
on the NSS trunk (NSS 3.13).

Checking in pkistore.c;
/cvsroot/mozilla/security/nss/lib/pki/pkistore.c,v  <--  pkistore.c
new revision: 1.34; previous revision: 1.33
done

Comment 2

[Wan-Teh Chang]

Bob, is it OK to include this memory leak fix in NSS 3.12.9?
If it's too late, I'll target NSS 3.12.10.

Comment 3

[Robert Relyea]

if you get it in today, yes, otherwise let's put it 3.12.10.

bob

Comment 4

[Wan-Teh Chang]

Patch checked in on the NSS_3_12_BRANCH (NSS 3.12.9).

Checking in pkistore.c;
/cvsroot/mozilla/security/nss/lib/pki/pkistore.c,v  <--  pkistore.c
new revision: 1.33.40.1; previous revision: 1.33
done