Uprev NSS to 3.18 RTM

nss/lib/certdb/certdb.c

Index: nss/lib/certdb/certdb.c
diff --git a/nss/lib/certdb/certdb.c b/nss/lib/certdb/certdb.c
index 433043716538aecb06218cd04d6e47ba3b4fc0bc..2581be2272560eb3882e5cf9bebc16e9593e4edc 100644
--- a/nss/lib/certdb/certdb.c
+++ b/nss/lib/certdb/certdb.c
@@ -1051,6 +1051,11 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) {
     PRTime notBefore, notAfter, llPendingSlop, tmp1;
     SECStatus rv;
 
+    if (!crl) {
+        PORT_SetError(SEC_ERROR_INVALID_ARGS);
+        return(secCertTimeUndetermined);
+    }
+
     rv = SEC_GetCrlTimes(crl, &notBefore, &notAfter);
     
     if (rv) {
@@ -1063,6 +1068,7 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) {
     LL_MUL(llPendingSlop, llPendingSlop, tmp1);
     LL_SUB(notBefore, notBefore, llPendingSlop);
     if ( LL_CMP( t, <, notBefore ) ) {
+	PORT_SetError(SEC_ERROR_CRL_EXPIRED);
 	return(secCertTimeNotValidYet);
     }
 
@@ -1074,6 +1080,7 @@ SEC_CheckCrlTimes(CERTCrl *crl, PRTime t) {
     }
 
     if ( LL_CMP( t, >, notAfter) ) {
+	PORT_SetError(SEC_ERROR_CRL_EXPIRED);
 	return(secCertTimeExpired);
     }
 
@@ -1425,7 +1432,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
     CERTGeneralName * current;
     char *            cn;
     int               cnBufLen;
-    unsigned int      hnLen;
     int               DNSextCount    = 0;
     int               IPextCount     = 0;
     PRBool            isIPaddr       = PR_FALSE;
@@ -1435,7 +1441,6 @@ cert_VerifySubjectAltName(const CERTCertificate *cert, const char *hn)
     char              cnbuf[128];
 
     subAltName.data = NULL;
-    hnLen    = strlen(hn);
     cn       = cnbuf;
     cnBufLen = sizeof cnbuf;
 
@@ -2311,7 +2316,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
 {
     unsigned int i;
     unsigned int *pflags;
-    
+
     if (!trust) {
 	PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	return SECFailure;
@@ -2325,7 +2330,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
     }
 
     pflags = &trust->sslFlags;
-    
+
     for (i=0; i < PORT_Strlen(trusts); i++) {
 	switch (trusts[i]) {
 	  case 'p':
@@ -2371,6 +2376,7 @@ CERT_DecodeTrustString(CERTCertTrust *trust, const char *trusts)
 	      }
 	      break;
 	  default:
+              PORT_SetError(SEC_ERROR_INVALID_ARGS);
 	      return SECFailure;
 	}
     }