generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

nss: make crl_der allocated on heap

Browse Source 
... and spell it as crl_der instead of crlDER
This commit is contained in:
Kamil Dudka 2014-07-04 00:36:21 +02:00
parent 2968f957aa
commit caa4db8a51
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/vtls/nss.c
View File

@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
} }
/* add given CRL to cache if it is not already there */ /* add given CRL to cache if it is not already there */
static SECStatus nss_cache_crl(SECItem *crlDER) static CURLcode nss_cache_crl(SECItem *crl_der)
{ {
CERTCertDBHandle *db = CERT_GetDefaultCertDB(); CERTCertDBHandle *db = CERT_GetDefaultCertDB();
CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0); CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0);
if(crl) { if(crl) {
/* CRL already cached */ /* CRL already cached */
SEC_DestroyCrl(crl); SEC_DestroyCrl(crl);
SECITEM_FreeItem(crlDER, PR_FALSE); SECITEM_FreeItem(crl_der, PR_TRUE);
return CURLE_SSL_CRL_BADFILE; return CURLE_SSL_CRL_BADFILE;
} }
/* acquire lock before call of CERT_CacheCRL() */ /* acquire lock before call of CERT_CacheCRL() */
PR_Lock(nss_crllock); PR_Lock(nss_crllock);
if(SECSuccess != CERT_CacheCRL(db, crlDER)) { if(SECSuccess != CERT_CacheCRL(db, crl_der)) {
/* unable to cache CRL */ /* unable to cache CRL */
PR_Unlock(nss_crllock); PR_Unlock(nss_crllock);
SECITEM_FreeItem(crlDER, PR_FALSE); SECITEM_FreeItem(crl_der, PR_TRUE);
return CURLE_SSL_CRL_BADFILE; return CURLE_SSL_CRL_BADFILE;
} }
@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename)
PRFileDesc *infile; PRFileDesc *infile;
PRFileInfo info; PRFileInfo info;
SECItem filedata = { 0, NULL, 0 }; SECItem filedata = { 0, NULL, 0 };
SECItem crlDER = { 0, NULL, 0 }; SECItem *crl_der = NULL;
char *body; char *body;
infile = PR_Open(crlfilename, PR_RDONLY, 0); infile = PR_Open(crlfilename, PR_RDONLY, 0);
@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename)
if(info.size != PR_Read(infile, filedata.data, info.size)) if(info.size != PR_Read(infile, filedata.data, info.size))
goto fail; goto fail;
crl_der = SECITEM_AllocItem(NULL, NULL, 0U);
if(!crl_der)
goto fail;
/* place a trailing zero right after the visible data */ /* place a trailing zero right after the visible data */
body = (char*)filedata.data; body = (char*)filedata.data;
body[--filedata.len] = '\0'; body[--filedata.len] = '\0';
@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename)
/* retrieve DER from ASCII */ /* retrieve DER from ASCII */
*trailer = '\0'; *trailer = '\0';
if(ATOB_ConvertAsciiToItem(&crlDER, begin)) if(ATOB_ConvertAsciiToItem(crl_der, begin))
goto fail; goto fail;
SECITEM_FreeItem(&filedata, PR_FALSE); SECITEM_FreeItem(&filedata, PR_FALSE);
} }
else else
/* assume DER */ /* assume DER */
crlDER = filedata; *crl_der = filedata;
PR_Close(infile); PR_Close(infile);
return nss_cache_crl(&crlDER); return nss_cache_crl(crl_der);
fail: fail:
PR_Close(infile); PR_Close(infile);
SECITEM_FreeItem(crl_der, PR_TRUE);
SECITEM_FreeItem(&filedata, PR_FALSE); SECITEM_FreeItem(&filedata, PR_FALSE);
return CURLE_SSL_CRL_BADFILE; return CURLE_SSL_CRL_BADFILE;
} }