Bug 1185033: Free the arena rather than destroying the
authorDavid Keeler <dkeeler@mozilla.com>
Tue, 25 Aug 2015 16:50:51 -0700
changeset 11563 7033b1193c9496b25aafe5b0ff87abf60949e522
parent 11562 49af81a7869b66f4f5b655718d275753fd829026
child 11564 cfd0ad4726cb1ba1d90946ac194390f56c40fd5b
push id723
push userwtc@google.com
push dateTue, 25 Aug 2015 23:51:42 +0000
bugs1185033
Bug 1185033: Free the arena rather than destroying the SECKEYPrivateKeyInfo if ASN.1 decoding fails. r=wtc,rrelyea
lib/pk11wrap/pk11pk12.c
--- a/lib/pk11wrap/pk11pk12.c
+++ b/lib/pk11wrap/pk11pk12.c
@@ -229,23 +229,27 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey
         PORT_FreeArena(temparena, PR_FALSE);
         return rv;
     }
     pki->arena = temparena;
 
     rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
 		derPKI);
     if( rv != SECSuccess ) {
-	goto finish;
+        /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the
+         * validity of the data in pki. The best we can do is free the arena
+         * and return.
+         */
+        PORT_FreeArena(temparena, PR_TRUE);
+        return rv;
     }
 
     rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
 		publicValue, isPerm, isPrivate, keyUsage, privk, wincx);
 
-finish:
     /* this zeroes the key and frees the arena */
     SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
     return rv;
 }
         
 SECStatus
 PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk, 
 	SECItem *nickname, SECItem *publicValue, PRBool isPerm,
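Review bot: The new failure branch after `SEC_ASN1DecodeItem` passes `PR_TRUE` to `PORT_FreeArena`, while the earlier error path at the top of the hunk passes `PR_FALSE`, and the added comment does not explain the difference. Zeroing matters here because a decode that fails partway may already have placed private-key bytes from `derPKI` in the arena. I would add a line to the comment such as `* Zero the arena (PR_TRUE): it may hold partially decoded key material.` so a later cleanup does not "normalise" the flag to `PR_FALSE`. The early return is leak-free only if `pki` itself was allocated from `temparena`. That allocation is above the hunk, since the function starts outside it, so it is worth confirming.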