| Index: mozilla/security/nss/lib/pki/pki3hack.c
|
| ===================================================================
|
| --- mozilla/security/nss/lib/pki/pki3hack.c (revision 180567)
|
| +++ mozilla/security/nss/lib/pki/pki3hack.c (working copy)
|
| @@ -3,7 +3,7 @@
|
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
| #ifdef DEBUG
|
| -static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.109 $ $Date: 2012/07/27 21:41:52 $";
|
| +static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.111 $ $Date: 2013/01/07 04:11:51 $";
|
| #endif /* DEBUG */
|
|
|
| /*
|
| @@ -805,7 +805,9 @@
|
| /* we should destroy cc->trust before replacing it, but it's
|
| allocated in cc->arena, so memory growth will occur on each
|
| refresh */
|
| + CERT_LockCertTrust(cc);
|
| cc->trust = trust;
|
| + CERT_UnlockCertTrust(cc);
|
| }
|
| nssTrust_Destroy(nssTrust);
|
| }
|
| @@ -826,7 +828,9 @@
|
| /* we should destroy cc->trust before replacing it, but it's
|
| allocated in cc->arena, so memory growth will occur on each
|
| refresh */
|
| + CERT_LockCertTrust(cc);
|
| cc->trust = trust;
|
| + CERT_UnlockCertTrust(cc);
|
| }
|
| nssCryptokiObject_Destroy(instance);
|
| }
|
| @@ -853,6 +857,7 @@
|
| {
|
| nssDecodedCert *dc = NULL;
|
| CERTCertificate *cc = NULL;
|
| + CERTCertTrust certTrust;
|
|
|
| nssPKIObject_Lock(&c->object);
|
|
|
| @@ -887,14 +892,18 @@
|
| }
|
| if (!cc->nssCertificate || forceUpdate) {
|
| fill_CERTCertificateFields(c, cc, forceUpdate);
|
| - } else if (!cc->trust && !c->object.cryptoContext) {
|
| + } else if (CERT_GetCertTrust(cc, &certTrust) != SECSuccess &&
|
| + !c->object.cryptoContext) {
|
| /* if it's a perm cert, it might have been stored before the
|
| * trust, so look for the trust again. But a temp cert can be
|
| * ignored.
|
| */
|
| CERTCertTrust* trust = NULL;
|
| trust = nssTrust_GetCERTCertTrustForCert(c, cc);
|
| +
|
| + CERT_LockCertTrust(cc);
|
| cc->trust = trust;
|
| + CERT_UnlockCertTrust(cc);
|
| }
|
|
|
| loser:
|
| @@ -1086,13 +1095,14 @@
|
| NSSTrust *nssTrust;
|
| NSSArena *arena;
|
| CERTCertTrust *oldTrust;
|
| + CERTCertTrust *newTrust;
|
| nssListIterator *tokens;
|
| PRBool moving_object;
|
| nssCryptokiObject *newInstance;
|
| nssPKIObject *pkiob;
|
|
|
| if (c == NULL) {
|
| - return SECFailure;
|
| + return PR_FAILURE;
|
| }
|
| oldTrust = nssTrust_GetCERTCertTrustForCert(c, cc);
|
| if (oldTrust) {
|
| @@ -1101,12 +1111,15 @@
|
| return PR_SUCCESS;
|
| } else {
|
| /* take over memory already allocated in cc's arena */
|
| - cc->trust = oldTrust;
|
| + newTrust = oldTrust;
|
| }
|
| } else {
|
| - cc->trust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
|
| + newTrust = PORT_ArenaAlloc(cc->arena, sizeof(CERTCertTrust));
|
| }
|
| - memcpy(cc->trust, trust, sizeof(CERTCertTrust));
|
| + memcpy(newTrust, trust, sizeof(CERTCertTrust));
|
| + CERT_LockCertTrust(cc);
|
| + cc->trust = newTrust;
|
| + CERT_UnlockCertTrust(cc);
|
| /* Set the NSSCerticate's trust */
|
| arena = nssArena_Create();
|
| if (!arena) return PR_FAILURE;
|
|
|
Chromium Code Reviews
Issue 12197027:
Merge NSS_3_14_2_RTM. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/