628114 - crash in ckcapi_mdObject_Destroy when trying to delete a certificate

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P2)

Description

[Muzaffar Mahkamov]

User-Agent:       Opera/9.80 (Windows NT 6.1; U; en) Presto/2.7.62 Version/11.01
Build Identifier: NSS 3.12.8

To delete a certificate from the Microsoft CAPI store, ckcapi_mdObject_Destroy does the following:
1. CertFindCertificateInStore to get the certificate context
2. Call CertDeleteCertificateFromStore to delete the certificate from MS CAPI store
3. Redundant call to CertFreeCertificateContext which leads to a crash



Reproducible: Always

Steps to Reproduce:
1. call SEC_DeletePermCertificate, pass any certificate from Microsoft CAPI store as an argument.
Actual Results:  
The application crashes with an access violation reading invalid memory address

Expected Results:  
The certificate is successfully deleted or an error code is returned

MSDN says CertDeleteCertificateFromStore always calls CertFreeCertificateContext. Removing the call to CertFreeCertificateContext solves the problem.

Comment 1

[Muzaffar Mahkamov]

Attachment: patch to ckcapi_mdObject_Destroy

Comment 2

[Wan-Teh Chang]

Comment on attachment 506221 [details] [diff] [review]
patch to ckcapi_mdObject_Destroy

r=wtc.  Thanks for the patch.

Comment 3

[Wan-Teh Chang]

Patch checked in on the NSS trunk (NSS 3.13).

Checking in cobject.c;
/cvsroot/mozilla/security/nss/lib/ckfw/capi/cobject.c,v  <--  cobject.c
new revision: 1.7; previous revision: 1.6
done