diff --git a/mozilla/security/nss/lib/certdb/certdb.c b/mozilla/security/nss/lib/certdb/certdb.c
index f479cc6ed27..cae0de70196 100644
--- a/mozilla/security/nss/lib/certdb/certdb.c
+++ b/mozilla/security/nss/lib/certdb/certdb.c
@@ -38,7 +38,7 @@
/*
* Certificate handling code
*
- * $Id: certdb.c,v 1.72 2005-03-05 08:03:03 nelsonb%netscape.com Exp $
+ * $Id: certdb.c,v 1.73 2005-06-30 20:53:46 wtchang%redhat.com Exp $
*/
#include "nssilock.h"
@@ -545,6 +545,7 @@ cert_GetCertType(CERTCertificate *cert)
tmpitem.data = NULL;
CERT_FindNSCertTypeExtension(cert, &tmpitem);
+ encodedExtKeyUsage.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_EXT_KEY_USAGE,
&encodedExtKeyUsage);
if (rv == SECSuccess) {
@@ -671,8 +672,10 @@ cert_GetCertType(CERTCertificate *cert)
}
}
- if (extKeyUsage != NULL) {
+ if (encodedExtKeyUsage.data != NULL) {
PORT_Free(encodedExtKeyUsage.data);
+ }
+ if (extKeyUsage != NULL) {
CERT_DestroyOidSequence(extKeyUsage);
}
/* Assert that it is safe to cast &cert->nsCertType to "PRInt32 *" */
diff --git a/mozilla/security/nss/lib/certdb/genname.c b/mozilla/security/nss/lib/certdb/genname.c
index 9c8d1a801d6..a5ac86e75f6 100644
--- a/mozilla/security/nss/lib/certdb/genname.c
+++ b/mozilla/security/nss/lib/certdb/genname.c
@@ -1462,6 +1462,7 @@ CERT_CompareNameSpace(CERTCertificate *cert,
CERTNameConstraint *matchingConstraints;
CERTCertificate *badCert = NULL;
+ constraintsExtension.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_X509_NAME_CONSTRAINTS,
&constraintsExtension);
if (rv != SECSuccess) {
@@ -1474,6 +1475,7 @@ CERT_CompareNameSpace(CERTCertificate *cert,
}
/* TODO: mark arena */
constraints = cert_DecodeNameConstraints(arena, &constraintsExtension);
+ PORT_Free(constraintsExtension.data);
currentName = namesList;
if (constraints == NULL) { /* decode failed */
rv = SECFailure;
diff --git a/mozilla/security/nss/lib/certhigh/certhigh.c b/mozilla/security/nss/lib/certhigh/certhigh.c
index 56e9695cd75..2c0ffe7cb10 100644
--- a/mozilla/security/nss/lib/certhigh/certhigh.c
+++ b/mozilla/security/nss/lib/certhigh/certhigh.c
@@ -743,6 +743,7 @@ CERT_FindCRLDistributionPoints (CERTCertificate *cert)
{
SECItem encodedExtenValue;
SECStatus rv;
+ CERTCrlDistributionPoints *dps;
encodedExtenValue.data = NULL;
encodedExtenValue.len = 0;
@@ -753,8 +754,11 @@ CERT_FindCRLDistributionPoints (CERTCertificate *cert)
return (NULL);
}
- return (CERT_DecodeCRLDistributionPoints (cert->arena,
- &encodedExtenValue));
+ dps = CERT_DecodeCRLDistributionPoints(cert->arena, &encodedExtenValue);
+
+ PORT_Free(encodedExtenValue.data);
+
+ return dps;
}
/* From crl.c */
diff --git a/mozilla/security/nss/lib/certhigh/certhtml.c b/mozilla/security/nss/lib/certhigh/certhtml.c
index 08e8e5055f3..b6567880265 100644
--- a/mozilla/security/nss/lib/certhigh/certhtml.c
+++ b/mozilla/security/nss/lib/certhigh/certhtml.c
@@ -37,7 +37,7 @@
/*
* certhtml.c --- convert a cert to html
*
- * $Id: certhtml.c,v 1.5 2004-04-25 15:03:03 gerv%gerv.net Exp $
+ * $Id: certhtml.c,v 1.6 2005-06-30 20:53:57 wtchang%redhat.com Exp $
*/
#include "seccomon.h"
@@ -407,7 +407,6 @@ CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
char *notBefore, *notAfter;
char *ret;
char *nickname;
- SECItem dummyitem;
unsigned char fingerprint[16]; /* result of MD5, always 16 bytes */
char *fpstr;
SECItem fpitem;
@@ -435,12 +434,8 @@ CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
showImages = PR_FALSE;
}
- dummyitem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_SUBJECT_LOGO,
- &dummyitem);
- if ( dummyitem.data ) {
- PORT_Free(dummyitem.data);
- }
+ NULL);
if ( rv || !showImages ) {
htmlcertstrings[1] = "";
@@ -468,13 +463,8 @@ CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
htmlcertstrings[5] = subject;
- dummyitem.data = NULL;
-
rv = CERT_FindCertExtension(cert, SEC_OID_NS_CERT_EXT_ISSUER_LOGO,
- &dummyitem);
- if ( dummyitem.data ) {
- PORT_Free(dummyitem.data);
- }
+ NULL);
if ( rv || !showImages ) {
htmlcertstrings[7] = "";
@@ -500,6 +490,7 @@ CERT_HTMLCertInfo(CERTCertificate *cert, PRBool showImages, PRBool showIssuer)
pubk = CERT_ExtractPublicKey(cert);
DSSPriv = NULL;
if (pubk && (pubk->keyType == fortezzaKey)) {
+ SECItem dummyitem;
htmlcertstrings[18] = "
Clearance:";
htmlcertstrings[19] = sec_FortezzaClearance(
&pubk->u.fortezza.clearance);
diff --git a/mozilla/security/nss/lib/certhigh/crlv2.c b/mozilla/security/nss/lib/certhigh/crlv2.c
index 3f0cc88a875..6e1aa88a514 100644
--- a/mozilla/security/nss/lib/certhigh/crlv2.c
+++ b/mozilla/security/nss/lib/certhigh/crlv2.c
@@ -37,7 +37,7 @@
/*
* Code for dealing with x.509 v3 crl and crl entries extensions.
*
- * $Id: crlv2.c,v 1.3 2005-03-08 07:08:47 julien.pierre.bugs%sun.com Exp $
+ * $Id: crlv2.c,v 1.4 2005-06-30 20:53:57 wtchang%redhat.com Exp $
*/
#include "cert.h"
@@ -133,9 +133,8 @@ SECStatus CERT_FindInvalidDateExten (CERTCrl *crl, int64 *value)
rv = SEC_ASN1DecodeItem (NULL, &decodedExtenValue,
SEC_GeneralizedTimeTemplate, &encodedExtenValue);
- if (rv != SECSuccess)
- return (rv);
- rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
+ if (rv == SECSuccess)
+ rv = DER_GeneralizedTimeToTime(value, &encodedExtenValue);
PORT_Free (decodedExtenValue.data);
PORT_Free (encodedExtenValue.data);
return (rv);
diff --git a/mozilla/security/nss/lib/certhigh/ocsp.c b/mozilla/security/nss/lib/certhigh/ocsp.c
index c33fae2c8da..c4167ce7a70 100644
--- a/mozilla/security/nss/lib/certhigh/ocsp.c
+++ b/mozilla/security/nss/lib/certhigh/ocsp.c
@@ -38,7 +38,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
- * $Id: ocsp.c,v 1.20 2004-05-22 01:03:26 nelsonb%netscape.com Exp $
+ * $Id: ocsp.c,v 1.21 2005-06-30 20:53:57 wtchang%redhat.com Exp $
*/
#include "prerror.h"
@@ -2296,14 +2296,9 @@ static PRBool
ocsp_CertHasNoCheckExtension(CERTCertificate *cert)
{
SECStatus rv;
- SECItem extItem;
- extItem.data = NULL;
rv = CERT_FindCertExtension(cert, SEC_OID_PKIX_OCSP_NO_CHECK,
- &extItem);
- if (extItem.data != NULL) {
- PORT_Free(extItem.data);
- }
+ NULL);
if (rv == SECSuccess) {
return PR_TRUE;
}