Index: net/third_party/nss/ssl/derive.c |
=================================================================== |
--- net/third_party/nss/ssl/derive.c (revision 124804) |
+++ net/third_party/nss/ssl/derive.c (working copy) |
@@ -36,7 +36,7 @@ |
* the terms of any one of the MPL, the GPL or the LGPL. |
* |
* ***** END LICENSE BLOCK ***** */ |
-/* $Id: derive.c,v 1.12 2008/06/06 01:16:31 wtc%google.com Exp $ */ |
+/* $Id: derive.c,v 1.13 2011/03/22 22:15:22 alexei.volkov.bugs%sun.com Exp $ */ |
#include "ssl.h" /* prereq to sslimpl.h */ |
#include "certt.h" /* prereq to sslimpl.h */ |
@@ -604,6 +604,9 @@ |
PRBool testrsa_export = PR_FALSE; |
PRBool testecdh = PR_FALSE; |
PRBool testecdhe = PR_FALSE; |
+#ifdef NSS_ENABLE_ECC |
+ SECKEYECParams ecParams = { siBuffer, NULL, 0 }; |
+#endif |
if (!cert || !srvPrivkey || !ciphersuites || !pcanbypass) { |
PORT_SetError(SEC_ERROR_INVALID_ARGS); |
@@ -703,10 +706,15 @@ |
/* now wrap it */ |
enc_pms.len = SECKEY_PublicKeyStrength(srvPubkey); |
enc_pms.data = (unsigned char*)PORT_Alloc(enc_pms.len); |
+ if (enc_pms.data == NULL) { |
+ PORT_SetError(PR_OUT_OF_MEMORY_ERROR); |
+ break; |
+ } |
irv = PK11_PubWrapSymKey(CKM_RSA_PKCS, srvPubkey, pms, &enc_pms); |
if (irv != SECSuccess) |
break; |
PK11_FreeSymKey(pms); |
+ pms = NULL; |
/* now do the server side--check the triple bypass first */ |
rv = PK11_PrivDecryptPKCS1(srvPrivkey, rsaPmsBuf, &outLen, |
sizeof rsaPmsBuf, |
@@ -727,6 +735,13 @@ |
goto done; |
break; |
} |
+ |
+ /* Check for NULL to avoid double free. |
+ * SECItem_FreeItem sets data NULL in secitem.c#265 |
+ */ |
+ if (enc_pms.data != NULL) { |
+ SECITEM_FreeItem(&enc_pms, PR_FALSE); |
+ } |
#ifdef NSS_ENABLE_ECC |
for (; (privKeytype == ecKey && ( testecdh || testecdhe)) || |
(privKeytype == rsaKey && testecdhe); ) { |
@@ -735,8 +750,7 @@ |
SECKEYPrivateKey *keapriv; |
SECKEYPublicKey *cpub = NULL; /* client's ephemeral ECDH keys */ |
SECKEYPrivateKey *cpriv = NULL; |
- SECKEYECParams ecParams = { siBuffer, NULL, 0 }, |
- *pecParams; |
+ SECKEYECParams *pecParams = NULL; |
if (privKeytype == ecKey && testecdhe) { |
/* TLS_ECDHE_ECDSA */ |
@@ -821,13 +835,16 @@ |
if (testecdhe) { |
SECKEY_DestroyPrivateKey(keapriv); |
SECKEY_DestroyPublicKey(keapub); |
- if (privKeytype == rsaKey) |
- PORT_Free(ecParams.data); |
} |
if (rv == SECSuccess && *pcanbypass == PR_FALSE) |
goto done; |
break; |
} |
+ /* Check for NULL to avoid double free. */ |
+ if (ecParams.data != NULL) { |
+ PORT_Free(ecParams.data); |
+ ecParams.data = NULL; |
+ } |
#endif /* NSS_ENABLE_ECC */ |
if (pms) |
PK11_FreeSymKey(pms); |
@@ -840,7 +857,18 @@ |
if (pms) |
PK11_FreeSymKey(pms); |
- SECITEM_FreeItem(&enc_pms, PR_FALSE); |
+ /* Check for NULL to avoid double free. |
+ * SECItem_FreeItem sets data NULL in secitem.c#265 |
+ */ |
+ if (enc_pms.data != NULL) { |
+ SECITEM_FreeItem(&enc_pms, PR_FALSE); |
+ } |
+#ifdef NSS_ENABLE_ECC |
+ if (ecParams.data != NULL) { |
+ PORT_Free(ecParams.data); |
+ ecParams.data = NULL; |
+ } |
+#endif /* NSS_ENABLE_ECC */ |
if (srvPubkey) { |
SECKEY_DestroyPublicKey(srvPubkey); |