Closed Bug 860925 Opened 11 years ago Closed 9 years ago

Potential memory leaks on managing certificate using dupcert and CERT_AddCertToListTail

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: cviecco, Unassigned)

References

Details

There are two places within nsIdentityChecking.cpp 
where the idiom:
  CERT_AddCertToListTail(certList, CERT_DupCertificate($SOMECERT)); 
is used.

This is problematic as there is no garantee that CERT_DupCertificate will actually succeed, further if the CERT_AddCertToListTail call fails there is no way do delete the temporary cert.
(In reply to Camilo Viecco (:cviecco) from comment #0)
> This is problematic as there is no garantee that CERT_DupCertificate will
> actually succeed

You can rely on CERT_DupCertificate to always succeed. I have verified this before with the NSS team.

> further if the CERT_AddCertToListTail call fails there is
> no way do delete the temporary cert.

Yes, this is a problem.
It doesn't look like this pattern exists anywhere within PSM anymore.

AFAICT Bug 975229 removed most, if not all instances of this pattern:
https://hg.mozilla.org/mozilla-central/diff/b3ebf7675c7b/security/certverifier/ExtendedValidation.cpp etc
Status: NEW → RESOLVED
Closed: 9 years ago
Depends on: 975229
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.