From 9b3579c447a6e5cca90c120fc1e9482a37dbbf18 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: May 07 2015 20:46:08 +0000 Subject: Handle CERT_ImportCerts() returning an empty array Apparently the CERT_ImportCerts() function can return an array of pointers in which the first pointer is NULL, so we'd better check for that as an error condition, too. --- diff --git a/src/casave.c b/src/casave.c index 18d21b0..a92bd12 100644 --- a/src/casave.c +++ b/src/casave.c @@ -187,12 +187,14 @@ cm_casave_main_n(int fd, struct cm_store_ca *ca, struct cm_store_entry *e, if (found != NULL) { items[0] = &found->derCert; items[1] = NULL; - if (CERT_ImportCerts(certdb, - certUsageSSLCA, - 1, items, - &imported, - PR_TRUE, PR_FALSE, - p) != SECSuccess) { + if ((CERT_ImportCerts(certdb, + certUsageSSLCA, + 1, items, + &imported, + PR_TRUE, PR_FALSE, + p) != SECSuccess) || + (imported == NULL) || + (imported[0] == NULL)) { ec = PORT_GetError(); if (ec != 0) { es = PR_ErrorToName(ec); diff --git a/src/certread-n.c b/src/certread-n.c index 28fb9bb..f2e78c0 100644 --- a/src/certread-n.c +++ b/src/certread-n.c @@ -383,7 +383,8 @@ cm_certread_n_parse(struct cm_store_entry *entry, if ((CERT_ImportCerts(CERT_GetDefaultCertDB(), 0, 1, &items, &certs, PR_FALSE, PR_FALSE, "temp") != SECSuccess) || - (certs == NULL)) { + (certs == NULL) || + (certs[0] == NULL)) { cm_log(1, "Error decoding certificate.\n"); PORT_FreeArena(arena, PR_TRUE); if (NSS_ShutdownContext(ctx) != SECSuccess) { diff --git a/src/certsave-n.c b/src/certsave-n.c index e943514..fcabb95 100644 --- a/src/certsave-n.c +++ b/src/certsave-n.c @@ -596,7 +596,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, SECKEY_DestroyPrivateKey(privkey); } } - if (returned != NULL) { + if ((returned != NULL) && (returned[0] != NULL)) { privkey = PK11_FindKeyByAnyCert(returned[0], NULL); CERT_DestroyCertArray(returned, 1); if (privkey != NULL) {