Bug 644012, crash with an empty issuer name in SSL certificate, +leak fix ... r=bsmith, a=dveditz
authorKai Engert <kaie@kuix.de>
Wed, 23 Mar 2011 20:34:12 +0100
changeset 27376 cc1618c6d434dd84fb2638d3f08bac3f3874724b
parent 27375 72a72241e47c1388c566a12e114f794f422055b5
child 27377 a015fc0949cbce7bc5f0d7b38ce69738e999eb14
push id2699
push userkaie@kuix.de
push dateWed, 23 Mar 2011 19:34:22 +0000
reviewersbsmith, dveditz
bugs644012
milestone1.9.1.19pre
Bug 644012, crash with an empty issuer name in SSL certificate, +leak fix ... r=bsmith, a=dveditz
security/manager/ssl/src/nsNSSCallbacks.cpp
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@@ -1000,18 +1000,21 @@ static struct nsSerialBinaryBlacklistEnt
   { 0, 0 } // end marker
 };
 
 SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
                                               PRBool checksig, PRBool isServer) {
   nsNSSShutDownPreventionLock locker;
 
   CERTCertificate *serverCert = SSL_PeerCertificate(fd);
+  CERTCertificateCleaner serverCertCleaner(serverCert);
+
   if (serverCert && 
       serverCert->serialNumber.data &&
+      serverCert->issuerName &&
       !strcmp(serverCert->issuerName, 
         "CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US")) {
 
     unsigned char *server_cert_comparison_start = (unsigned char*)serverCert->serialNumber.data;
     unsigned int server_cert_comparison_len = serverCert->serialNumber.len;
 
     while (server_cert_comparison_len) {
       if (*server_cert_comparison_start != 0)
@@ -1044,18 +1047,16 @@ SECStatus PR_CALLBACK AuthCertificateCal
   }
   
   // first the default action
   SECStatus rv = SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
 
   // We want to remember the CA certs in the temp db, so that the application can find the
   // complete chain at any time it might need it.
   // But we keep only those CA certs in the temp db, that we didn't already know.
-  
-  CERTCertificateCleaner serverCertCleaner(serverCert);
 
   if (serverCert) {
     nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
     nsRefPtr<nsSSLStatus> status = infoObject->SSLStatus();
     nsRefPtr<nsNSSCertificate> nsc;
 
     if (!status || !status->mServerCert) {
       nsc = new nsNSSCertificate(serverCert);