bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert
authorDavid Keeler <dkeeler@mozilla.com>
Thu, 17 Sep 2015 14:57:24 -0700
changeset 286122 7516ef9430ee331bf75c90ad8194de487dc5ee25
parent 286121 a6d99aed4538964a7c8a8ffd2fc1a2cfa90635ce
child 286123 815fb10d383fdc8e46d2af9a8265890aa5eb193d
push idunknown
push userunknown
push dateunknown
reviewersttaubert
bugs1205767
milestone44.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1205767 - prevent memory leak when generating an EC key with <keygen> r=ttaubert
security/manager/ssl/nsKeygenHandler.cpp
--- a/security/manager/ssl/nsKeygenHandler.cpp
+++ b/security/manager/ssl/nsKeygenHandler.cpp
@@ -476,17 +476,17 @@ nsKeygenFormProcessor::GetPublicKey(cons
     char *keystring = nullptr;
     char *keyparamsString = nullptr, *str = nullptr;
     uint32_t keyGenMechanism;
     int32_t primeBits;
     PK11SlotInfo *slot = nullptr;
     PK11RSAGenParams rsaParams;
     SECOidTag algTag;
     int keysize = 0;
-    void *params;
+    void *params = nullptr;
     SECKEYPrivateKey *privateKey = nullptr;
     SECKEYPublicKey *publicKey = nullptr;
     CERTSubjectPublicKeyInfo *spkInfo = nullptr;
     PLArenaPool *arena = nullptr;
     SECStatus sec_rv = SECFailure;
     SECItem spkiItem;
     SECItem pkacItem;
     SECItem signedItem;
@@ -761,16 +761,22 @@ loser:
         NS_RELEASE(KeygenRunnable);
     }
     if (keyparamsString) {
         free(keyparamsString);
     }
     if (pkac.challenge.data) {
         free(pkac.challenge.data);
     }
+    // If params is non-null and doesn't point to rsaParams, it was allocated
+    // in decode_ec_params. We have to free this memory.
+    if (params && params != &rsaParams) {
+        SECITEM_FreeItem(static_cast<SECItem*>(params), true);
+        params = nullptr;
+    }
     return rv;
 }
 
 // static
 void
 nsKeygenFormProcessor::ExtractParams(nsIDOMHTMLElement* aElement,
                                      nsAString& challengeValue,
                                      nsAString& keyTypeValue,