Bug 1185033: Free the arena rather than destroying the
SECKEYPrivateKeyInfo if ASN.1 decoding fails. r=wtc,rrelyea
--- a/lib/pk11wrap/pk11pk12.c
+++ b/lib/pk11wrap/pk11pk12.c
@@ -229,23 +229,27 @@ PK11_ImportDERPrivateKeyInfoAndReturnKey
PORT_FreeArena(temparena, PR_FALSE);
return rv;
}
pki->arena = temparena;
rv = SEC_ASN1DecodeItem(pki->arena, pki, SECKEY_PrivateKeyInfoTemplate,
derPKI);
if( rv != SECSuccess ) {
- goto finish;
+ /* If SEC_ASN1DecodeItem fails, we cannot assume anything about the
+ * validity of the data in pki. The best we can do is free the arena
+ * and return.
+ */
+ PORT_FreeArena(temparena, PR_TRUE);
+ return rv;
}
rv = PK11_ImportPrivateKeyInfoAndReturnKey(slot, pki, nickname,
publicValue, isPerm, isPrivate, keyUsage, privk, wincx);
-finish:
/* this zeroes the key and frees the arena */
SECKEY_DestroyPrivateKeyInfo(pki, PR_TRUE /*freeit*/);
return rv;
}
SECStatus
PK11_ImportAndReturnPrivateKey(PK11SlotInfo *slot, SECKEYRawPrivateKey *lpk,
SECItem *nickname, SECItem *publicValue, PRBool isPerm,
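Review bot: The new comment on the decode-failure branch says why pki cannot be trusted, but not why the cleanup is written the way it is, and those two details are the part a later refactor could undo. The branch frees through the local `temparena` rather than `pki->arena`, and it passes `PR_TRUE` where the earlier allocation-failure path passes `PR_FALSE`, presumably because a partially decoded private key may already sit in the arena. I would extend the comment with something like `/* Use the local temparena, not pki->arena, and zero on free: the arena may hold partially decoded key material. */`. A regression test that feeds a truncated or malformed DER PrivateKeyInfo to this entry point would also pin the behaviour, if the commit does not add one elsewhere. The function body starts above this hunk, so the allocation of temparena and pki is not visible here.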