430405 - Error log is not produced by CERT_PKIXVerifyCert. Patch part two. r=nelson
authoralexei.volkov.bugs%sun.com
Thu, 10 Jul 2008 22:52:28 +0000
changeset 8668 14a5536aafde0558afe24a5660d42536c0637b35
parent 8667 0753de988b0bbd04eab664a19cad180d9e524e0e
child 8669 702ae9a4d7c91bf91a6b08280192d852e5bea13d
push idunknown
push userunknown
push dateunknown
reviewersnelson
bugs430405
430405 - Error log is not produced by CERT_PKIXVerifyCert. Patch part two. r=nelson
security/nss/lib/libpkix/pkix/top/pkix_build.c
--- a/security/nss/lib/libpkix/pkix/top/pkix_build.c
+++ b/security/nss/lib/libpkix/pkix/top/pkix_build.c
@@ -3828,22 +3828,20 @@ pkix_Build_InitiateBuildChain(
         PKIX_PL_AIAMgr *aiaMgr = NULL;
 
         PKIX_ENTER(BUILD, "pkix_Build_InitiateBuildChain");
         PKIX_NULLCHECK_FOUR(procParams, pNBIOContext, pState, pBuildResult);
 
         nbioContext = *pNBIOContext;
         *pNBIOContext = NULL;
 
-        if (*pState != NULL) {
-            state = *pState;
-            *pState = NULL; /* no net change in reference count */
-            /* attempted shortcut ran into non-blocking I/O */
-        } else {
-
+        state = *pState;
+        *pState = NULL; /* no net change in reference count */
+
+        if (state == NULL) {
             PKIX_CHECK(PKIX_ProcessingParams_GetDate
                     (procParams, &testDate, plContext),
                     PKIX_PROCESSINGPARAMSGETDATEFAILED);
     
             if (!testDate) {
                     PKIX_CHECK(PKIX_PL_Date_Create_UTCTime
                             (NULL, &testDate, plContext),
                             PKIX_DATECREATEUTCTIMEFAILED);
@@ -4218,33 +4216,23 @@ pkix_Build_InitiateBuildChain(
 
         /* no valResult means the build has failed */
         } else {
                 if (pVerifyNode != NULL) {
                         PKIX_INCREF(state->verifyNode);
                         *pVerifyNode = state->verifyNode;
                 }
 
-                if (valResult == NULL || pkixErrorResult) {
-
-                        PKIX_DECREF(state);
-                        *pState = NULL;
+                if (valResult == NULL || pkixErrorResult)
                         PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
-
-                } else {
-
-                        PKIX_CHECK(pkix_BuildResult_Create
-                                (valResult,
-                                state->trustChain,
-                                &buildResult,
-                                plContext),
-                                PKIX_BUILDRESULTCREATEFAILED);
-
-                        *pBuildResult = buildResult;
-                }
+                PKIX_CHECK(
+                    pkix_BuildResult_Create(valResult, state->trustChain,
+                                            &buildResult, plContext),
+                    PKIX_BUILDRESULTCREATEFAILED);
+                *pBuildResult = buildResult;
         }
 
         *pState = state;
         state = NULL;
 
 cleanup:
 
         PKIX_DECREF(targetConstraints);
@@ -4304,65 +4292,59 @@ cleanup:
  * RETURNS:
  *  Returns NULL if the function succeeds.
  *  Returns a Build Error if the function fails in a non-fatal way
  *  Returns a Fatal Error if the function fails in an unrecoverable way.
  */
 static PKIX_Error *
 pkix_Build_ResumeBuildChain(
         void **pNBIOContext,
-        PKIX_ForwardBuilderState **pState,
+        PKIX_ForwardBuilderState *state,
         PKIX_BuildResult **pBuildResult,
         PKIX_VerifyNode **pVerifyNode,
         void *plContext)
 {
-        PKIX_ForwardBuilderState *state = NULL;
         PKIX_ValidateResult *valResult = NULL;
         PKIX_BuildResult *buildResult = NULL;
         void *nbioContext = NULL;
 
         PKIX_ENTER(BUILD, "pkix_Build_ResumeBuildChain");
         PKIX_NULLCHECK_THREE(pState, *pState, pBuildResult);
 
         nbioContext = *pNBIOContext;
         *pNBIOContext = NULL;
 
-        state = *pState;
-
-        PKIX_CHECK(pkix_BuildForwardDepthFirstSearch
-                (&nbioContext, &state, &valResult, plContext),
-                PKIX_BUILDFORWARDDEPTHFIRSTSEARCHFAILED);
+        pkixErrorResult =
+            pkix_BuildForwardDepthFirstSearch(&nbioContext, state,
+                                              &valResult, plContext),
+
 
         /* non-null nbioContext means the build would block */
-        if (nbioContext != NULL) {
+        if (pkixErrorResult == NULL && nbioContext != NULL) {
 
                 *pNBIOContext = nbioContext;
                 *pBuildResult = NULL;
 
         /* no valResult means the build has failed */
-        } else if (valResult == NULL) {
-
-                PKIX_DECREF(state);
-                *pState = NULL;
-                PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
-
         } else {
-
-                PKIX_CHECK(pkix_BuildResult_Create
-                        (valResult,
-                        state->trustChain,
-                        &buildResult,
-                        plContext),
-                        PKIX_BUILDRESULTCREATEFAILED);
-
+                if (pVerifyNode != NULL) {
+                    PKIX_INCREF(state->verifyNode);
+                    *pVerifyNode = state->verifyNode;
+                }
+
+                if (valResult == NULL || pkixErrorResult)
+                    PKIX_ERROR(PKIX_UNABLETOBUILDCHAIN);
+
+                PKIX_CHECK(
+                    pkix_BuildResult_Create(valResult, state->trustChain,
+                                            &buildResult, plContext),
+                    PKIX_BUILDRESULTCREATEFAILED);
                 *pBuildResult = buildResult;
         }
 
-        *pState = state;
-
 cleanup:
 
         PKIX_DECREF(valResult);
 
         PKIX_RETURN(BUILD);
 }
 
 /* --Public-Functions--------------------------------------------- */