summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/certhigh/certhigh.c
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/lib/certhigh/certhigh.c')
-rw-r--r--security/nss/lib/certhigh/certhigh.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c
index 55259898b..7ae80b193 100644
--- a/security/nss/lib/certhigh/certhigh.c
+++ b/security/nss/lib/certhigh/certhigh.c
@@ -11,6 +11,7 @@
#include "cert.h"
#include "certxutl.h"
+#include "certi.h"
#include "nsspki.h"
#include "pki.h"
#include "pkit.h"
@@ -289,7 +290,7 @@ CERT_FindUserCertByUsage(CERTCertDBHandle *handle,
goto loser;
}
- if (!CERT_LIST_END(CERT_LIST_HEAD(certList), certList)) {
+ if (!CERT_LIST_EMPTY(certList)) {
cert = CERT_DupCertificate(CERT_LIST_HEAD(certList)->cert);
}
@@ -872,6 +873,7 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
PRBool isca;
char *nickname;
unsigned int certtype;
+ PRBool istemp = PR_FALSE;
handle = CERT_GetDefaultCertDB();
@@ -949,7 +951,11 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
}
/* if the cert is temp, make it perm; otherwise we're done */
- if (cert->istemp) {
+ rv = CERT_GetCertIsTemp(cert, &istemp);
+ if (rv != SECSuccess) {
+ goto loser;
+ }
+ if (istemp) {
/* get a default nickname for it */
nickname = CERT_MakeCANickname(cert);
@@ -963,9 +969,6 @@ cert_ImportCAChain(SECItem *certs, int numcerts, SECCertUsage certUsage, PRBool
rv = SECSuccess;
}
- CERT_DestroyCertificate(cert);
- cert = NULL;
-
if (rv != SECSuccess) {
goto loser;
}
@@ -1080,7 +1083,10 @@ CERT_CertChainFromCert(CERTCertificate *cert, SECCertUsage usage,
derCert.len = (unsigned int)stanCert->encoding.size;
derCert.data = (unsigned char *)stanCert->encoding.data;
derCert.type = siBuffer;
- SECITEM_CopyItem(arena, &chain->certs[i], &derCert);
+ if (SECITEM_CopyItem(arena, &chain->certs[i], &derCert) != SECSuccess) {
+ CERT_DestroyCertificate(cCert);
+ goto loser;
+ }
stanCert = stanChain[++i];
if (!stanCert && !cCert->isRoot) {
/* reached the end of the chain, but the final cert is