Bug 359473, PK11_GetAttributes returns OK for cert with no private key
authorneil.williams%sun.com
Wed, 27 Jun 2007 22:30:59 +0000
changeset 7908 738b9c26bd124f29e8891a73e81e0c53481def45
parent 7907 ee3cdd041a3fbdc1135da667d7a829814fbcb4ca
child 7909 8e30d87d65171cfbe3e9d889d88c32a820f2c758
push idunknown
push userunknown
push dateunknown
bugs359473
Bug 359473, PK11_GetAttributes returns OK for cert with no private key r=rrelyea
security/nss/lib/pk11wrap/pk11obj.c
--- a/security/nss/lib/pk11wrap/pk11obj.c
+++ b/security/nss/lib/pk11wrap/pk11obj.c
@@ -232,16 +232,18 @@ PK11_GetAttributes(PRArenaPool *arena,PK
     	mark = PORT_ArenaMark(arena);
 	if (mark == NULL) return CKR_HOST_MEMORY;
     }
 
     /*
      * now allocate space to store the results.
      */
     for (i=0; i < count; i++) {
+	if (attr[i].ulValueLen == 0)
+	    continue;
 	if (arena) {
 	    attr[i].pValue = PORT_ArenaAlloc(arena,attr[i].ulValueLen);
 	    if (attr[i].pValue == NULL) {
 		/* arena failures, just release the mark */
 		PORT_ArenaRelease(arena,mark);
 		PK11_ExitSlotMonitor(slot);
 		return CKR_HOST_MEMORY;
 	    }
@@ -1479,17 +1481,20 @@ PK11_MatchItem(PK11SlotInfo *slot, CK_OB
     if (crv != CKR_OK) {
 	PORT_FreeArena(arena,PR_FALSE);
 	PORT_SetError( PK11_MapError(crv) );
 	return CK_INVALID_HANDLE;
     }
 
     if ((theTemplate[0].ulValueLen == 0) || (theTemplate[0].ulValueLen == -1)) {
 	PORT_FreeArena(arena,PR_FALSE);
-	PORT_SetError(SEC_ERROR_BAD_KEY);
+	if (matchclass == CKO_CERTIFICATE)
+	    PORT_SetError(SEC_ERROR_BAD_KEY);
+	else
+	    PORT_SetError(SEC_ERROR_NO_KEY);
 	return CK_INVALID_HANDLE;
      }
 	
 	
 
     /*
      * issue the find
      */