changeset 20831:09b06f6769ee

Prevent leakage of the cert returned by SSL_PeerCertificate(), and prevent allocation since it isn't used currently anyway. Also prevent an assertion when reading a cert file - there are a number of places where g_return_* are misused here that need to be cleaned up.
author Daniel Atallah <daniel.atallah@gmail.com>
date Mon, 08 Oct 2007 14:45:01 +0000
parents 3e4c4a33ea35
children c6f601a8eeba
files libpurple/plugins/ssl/ssl-nss.c
diffstat 1 files changed, 11 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/plugins/ssl/ssl-nss.c	Mon Oct 08 14:26:41 2007 +0000
+++ b/libpurple/plugins/ssl/ssl-nss.c	Mon Oct 08 14:45:01 2007 +0000
@@ -386,6 +386,7 @@
 static GList *
 ssl_nss_peer_certs(PurpleSslConnection *gsc)
 {
+#if 0
 	PurpleSslNssData *nss_data = PURPLE_SSL_NSS_DATA(gsc);
 	CERTCertificate *cert;
 /*
@@ -397,6 +398,10 @@
 	/* TODO: this is a blind guess */
 	cert = SSL_PeerCertificate(nss_data->fd);
 
+	if (cert)
+		CERT_DestroyCertificate(cert);
+#endif
+
 	
 
 	return NULL;
@@ -430,11 +435,12 @@
 			  filename);
 	
 	/* Load the raw data up */
-	g_return_val_if_fail(
-		g_file_get_contents(filename,
-				    &rawcert, &len,
-				    NULL ),
-		NULL);
+	if (!g_file_get_contents(filename,
+				 &rawcert, &len,
+				 NULL)) {
+		purple_debug_error("nss/x509", "Unable to read certificate file.\n");
+		return NULL;
+	}
 
 	/* Decode the certificate */
 	crt_dat = CERT_DecodeCertFromPackage(rawcert, len);