Make the PKINIT NSS path also check for NULL certs

When called to free identity information, do what the OpenSSL-based version does, and error out if the identity information is NULL.
author: Nalin Dahyabhai <nalin@dahyabhai.net> 2013-07-09 14:13:16 -0400
committer: Greg Hudson <ghudson@mit.edu> 2013-07-17 12:24:21 -0400
commit: 8899397ab78ea09b8d7dbb20347dd12c93eb15ee (patch)
tree: 4669d06169da8806dd00165d89bd3eef80b29b2c /src/plugins
parent: fc975f6608015c61afc7fcba728344663b015996 (diff)
download: krb5-8899397ab78ea09b8d7dbb20347dd12c93eb15ee.tar.gz
krb5-8899397ab78ea09b8d7dbb20347dd12c93eb15ee.tar.xz
krb5-8899397ab78ea09b8d7dbb20347dd12c93eb15ee.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 1b2172c22..56a21702d 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -2985,7 +2985,12 @@ crypto_free_cert_info(krb5_context context,
                       pkinit_req_crypto_context req_cryptoctx,
                       pkinit_identity_crypto_context id_cryptoctx)
 {
-    return 0;   /* Maybe should we nuke the id_certs list here? */
+    /* Mimic the OpenSSL-based implementation's check first. */
+    if (id_cryptoctx == NULL)
+        return EINVAL;
+
+    /* Maybe should we nuke the id_certs list here? */
+    return 0;
 }
 
 /* Count how many candidate "self" certificates and keys we have.  We could as
author	Nalin Dahyabhai <nalin@dahyabhai.net>	2013-07-09 14:13:16 -0400
committer	Greg Hudson <ghudson@mit.edu>	2013-07-17 12:24:21 -0400
commit	8899397ab78ea09b8d7dbb20347dd12c93eb15ee (patch)
tree	4669d06169da8806dd00165d89bd3eef80b29b2c /src/plugins
parent	fc975f6608015c61afc7fcba728344663b015996 (diff)
download	krb5-8899397ab78ea09b8d7dbb20347dd12c93eb15ee.tar.gz krb5-8899397ab78ea09b8d7dbb20347dd12c93eb15ee.tar.xz krb5-8899397ab78ea09b8d7dbb20347dd12c93eb15ee.zip