Bug 971358: Fix the leak of certList in nssTrustDomain_UpdateCachedTokenCerts
authorWan-Teh Chang <wtc@google.com>
Tue, 18 Feb 2014 15:26:39 -0800
changeset 11044 bc3fc2667a9416591fcd7a6690aa49dca0503649
parent 11043 fa9a3a970910e8f2db20002d6def944d19ecd61c
child 11045 15ea62260c21d83e1ada26019f437833cbb0c6f5
push id307
push userwtc@google.com
push dateTue, 18 Feb 2014 23:29:44 +0000
bugs971358
Bug 971358: Fix the leak of certList in nssTrustDomain_UpdateCachedTokenCerts if certList is empty. r=kaie.
lib/pki/tdcache.c
--- a/lib/pki/tdcache.c
+++ b/lib/pki/tdcache.c
@@ -463,20 +463,20 @@ nssTrustDomain_UpdateCachedTokenCerts (
     PRUint32 count;
     certList = nssList_Create(NULL, PR_FALSE);
     if (!certList) return PR_FAILURE;
     (void)nssTrustDomain_GetCertsFromCache(td, certList);
     count = nssList_Count(certList);
     if (count > 0) {
 	cached = nss_ZNEWARRAY(NULL, NSSCertificate *, count + 1);
 	if (!cached) {
+	    nssList_Destroy(certList);
 	    return PR_FAILURE;
 	}
 	nssList_GetArray(certList, (void **)cached, count);
-	nssList_Destroy(certList);
 	for (cp = cached; *cp; cp++) {
 	    nssCryptokiObject *instance;
 	    NSSCertificate *c = *cp;
 	    nssTokenSearchType tokenOnly = nssTokenSearchType_TokenOnly;
 	    instance = nssToken_FindCertificateByIssuerAndSerialNumber(
 	                                                       token,
                                                                NULL,
                                                                &c->issuer,
@@ -485,16 +485,17 @@ nssTrustDomain_UpdateCachedTokenCerts (
                                                                NULL);
 	    if (instance) {
 		nssPKIObject_AddInstance(&c->object, instance);
 		STAN_ForceCERTCertificateUpdate(c);
 	    }
 	}
 	nssCertificateArray_Destroy(cached);
     }
+    nssList_Destroy(certList);
     return PR_SUCCESS;
 }
 
 static PRStatus
 add_issuer_and_serial_entry (
   NSSArena *arena,
   nssTDCertificateCache *cache, 
   NSSCertificate *cert