Blame SOURCES/nss-3.79-fix-client-cert-crash.patch
|
 |
2a00fe |
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
|
|
|
2a00fe |
--- a/lib/ssl/authcert.c
|
|
|
2a00fe |
+++ b/lib/ssl/authcert.c
|
|
|
55ed90 |
@@ -201,16 +201,19 @@ NSS_GetClientAuthData(void *arg,
|
|
|
55ed90 |
|
|
|
55ed90 |
/* otherwise look through the cache based on usage
|
|
|
55ed90 |
* if chosenNickname is set, we ignore the expiration date */
|
|
|
55ed90 |
if (certList == NULL) {
|
|
|
55ed90 |
certList = CERT_FindUserCertsByUsage(CERT_GetDefaultCertDB(),
|
|
|
55ed90 |
certUsageSSLClient,
|
|
|
55ed90 |
PR_FALSE, chosenNickName == NULL,
|
|
|
55ed90 |
pw_arg);
|
|
|
55ed90 |
+ if (certList == NULL) {
|
|
|
55ed90 |
+ return SECFailure;
|
|
|
55ed90 |
+ }
|
|
|
55ed90 |
/* filter only the certs that meet the nickname requirements */
|
|
|
55ed90 |
if (chosenNickName) {
|
|
|
55ed90 |
rv = CERT_FilterCertListByNickname(certList, chosenNickName,
|
|
|
2a00fe |
pw_arg);
|
|
|
2a00fe |
} else {
|
|
|
2a00fe |
int nnames = 0;
|
|
|
2a00fe |
char **names = ssl_DistNamesToStrings(caNames, &nnames);
|
|
|
2a00fe |
rv = CERT_FilterCertListByCANames(certList, nnames, names,
|