Blame SOURCES/Free-dangling-reference.patch
|
 |
ceb1aa |
diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
|
|
|
ceb1aa |
--- a/lib/pk11wrap/pk11cert.c
|
|
|
ceb1aa |
+++ b/lib/pk11wrap/pk11cert.c
|
|
|
ceb1aa |
@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
|
|
|
ceb1aa |
cert->istemp = PR_FALSE;
|
|
|
ceb1aa |
cert->isperm = PR_TRUE;
|
|
|
ceb1aa |
}
|
|
|
ceb1aa |
|
|
|
ceb1aa |
/* add the new instance to the cert, force an update of the
|
|
|
ceb1aa |
* CERTCertificate, and finish
|
|
|
ceb1aa |
*/
|
|
|
ceb1aa |
nssPKIObject_AddInstance(&c->object, certobj);
|
|
|
ceb1aa |
+ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
|
|
|
ceb1aa |
+ * replace 'c' by a different value. So we add a reference to 'c' to
|
|
|
ceb1aa |
+ * prevent 'c' from being destroyed. */
|
|
|
ceb1aa |
+ nssCertificate_AddRef(c);
|
|
|
ceb1aa |
nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
|
|
|
ceb1aa |
+ /* XXX should we pass the original value of 'c' to
|
|
|
ceb1aa |
+ * STAN_ForceCERTCertificateUpdate? */
|
|
|
ceb1aa |
(void)STAN_ForceCERTCertificateUpdate(c);
|
|
|
ceb1aa |
+ nssCertificate_Destroy(c);
|
|
|
ceb1aa |
SECITEM_FreeItem(keyID,PR_TRUE);
|
|
|
ceb1aa |
return SECSuccess;
|
|
|
ceb1aa |
loser:
|
|
|
ceb1aa |
CERT_MapStanError();
|
|
|
ceb1aa |
SECITEM_FreeItem(keyID,PR_TRUE);
|
|
|
ceb1aa |
if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
|
|
|
ceb1aa |
PORT_SetError(SEC_ERROR_ADDING_CERT);
|
|
|
ceb1aa |
}
|