diff --git a/lib/pk11wrap/pk11cert.c b/lib/pk11wrap/pk11cert.c
--- a/lib/pk11wrap/pk11cert.c
+++ b/lib/pk11wrap/pk11cert.c
@@ -976,18 +976,25 @@ PK11_ImportCert(PK11SlotInfo *slot, CERT
cert->istemp = PR_FALSE;
cert->isperm = PR_TRUE;
}
/* add the new instance to the cert, force an update of the
* CERTCertificate, and finish
*/
nssPKIObject_AddInstance(&c->object, certobj);
+ /* nssTrustDomain_AddCertsToCache may release a reference to 'c' and
+ * replace 'c' by a different value. So we add a reference to 'c' to
+ * prevent 'c' from being destroyed. */
+ nssCertificate_AddRef(c);
nssTrustDomain_AddCertsToCache(STAN_GetDefaultTrustDomain(), &c, 1);
+ /* XXX should we pass the original value of 'c' to
+ * STAN_ForceCERTCertificateUpdate? */
(void)STAN_ForceCERTCertificateUpdate(c);
+ nssCertificate_Destroy(c);
SECITEM_FreeItem(keyID,PR_TRUE);
return SECSuccess;
loser:
CERT_MapStanError();
SECITEM_FreeItem(keyID,PR_TRUE);
if (PORT_GetError() != SEC_ERROR_TOKEN_NOT_LOGGED_IN) {
PORT_SetError(SEC_ERROR_ADDING_CERT);
}