pesign/0001-Use-PK11_TraverseCertsForNicknameInSlot-after-all.patch
Peter Jones 70aaeb7aa3 Fix various bugs from 0.99-1
- Don't make the database unreadable just yet.
2012-10-17 09:59:14 -04:00

56 lines
1.5 KiB
Diff

From 406a08cc45a2d0761294002d946ee3381a4706ee Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 09:53:07 -0400
Subject: [PATCH 1/4] Use PK11_TraverseCertsForNicknameInSlot after all.
As of 76bc13c it doesn't appear to be leaky any more, and it does a
better job of disinguishing between certificates with the same nickname
than we did when doing it by hand.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/cms_common.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/cms_common.c b/src/cms_common.c
index 644b44c..2d51979 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -465,23 +465,23 @@ err_slots:
goto err_slots_errmsg;
}
+ SECItem nickname = {
+ .data = (void *)cms->certname,
+ .len = strlen(cms->certname) + 1,
+ .type = siUTF8String,
+ };
struct cbdata cbdata = {
.cert = NULL,
.psle = psle,
.pwdata = pwdata,
};
- CERTCertListNode *node = NULL;
- for (node = CERT_LIST_HEAD(certlist); !CERT_LIST_END(node,certlist);
- node = CERT_LIST_NEXT(node)) {
- if (strcmp(cms->certname, node->cert->nickname))
- continue;
+ status = PK11_TraverseCertsForNicknameInSlot(&nickname, psle->slot,
+ is_valid_cert, &cbdata);
+ if (cbdata.cert == NULL)
+ goto err_slots;
- if (is_valid_cert(node->cert, &cbdata) == SECSuccess) {
- cms->cert = CERT_DupCertificate(cbdata.cert);
- break;
- }
- }
+ cms->cert = CERT_DupCertificate(cbdata.cert);
PK11_DestroySlotListElement(slots, &psle);
PK11_FreeSlotList(slots);
--
1.7.12.1