From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Wed, 17 Oct 2012 09:53:07 -0400 Subject: [PATCH 01/42] Use PK11_TraverseCertsForNicknameInSlot after all. As of 76bc13c it doesn't appear to be leaky any more, and it does a better job of disinguishing between certificates with the same nickname than we did when doing it by hand. Signed-off-by: Peter Jones --- src/cms_common.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/cms_common.c b/src/cms_common.c index 644b44c..2d51979 100644 --- a/src/cms_common.c +++ b/src/cms_common.c @@ -465,23 +465,23 @@ err_slots: goto err_slots_errmsg; } + SECItem nickname = { + .data = (void *)cms->certname, + .len = strlen(cms->certname) + 1, + .type = siUTF8String, + }; struct cbdata cbdata = { .cert = NULL, .psle = psle, .pwdata = pwdata, }; - CERTCertListNode *node = NULL; - for (node = CERT_LIST_HEAD(certlist); !CERT_LIST_END(node,certlist); - node = CERT_LIST_NEXT(node)) { - if (strcmp(cms->certname, node->cert->nickname)) - continue; + status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot, + is_valid_cert, &cbdata); + if (cbdata.cert == NULL) + goto err_slots; - if (is_valid_cert(node->cert, &cbdata) == SECSuccess) { - cms->cert = CERT_DupCertificate(cbdata.cert); - break; - } - } + cms->cert = CERT_DupCertificate(cbdata.cert); PK11_DestroySlotListElement(slots, &psle); PK11_FreeSlotList(slots); -- 1.7.12.1