Uprev NSS to 3.18 RTM

nss/lib/pki/pki3hack.c

Index: nss/lib/pki/pki3hack.c
diff --git a/nss/lib/pki/pki3hack.c b/nss/lib/pki/pki3hack.c
index 6364eaf33695254cf3a0ddf9c67501aa570fab6d..953d73800c45ab3c356963b3eb49121250db7f2d 100644
--- a/nss/lib/pki/pki3hack.c
+++ b/nss/lib/pki/pki3hack.c
@@ -247,27 +247,28 @@ STAN_GetCertIdentifierFromDER(NSSArena *arenaOpt, NSSDER *der)
 }
 
 NSS_IMPLEMENT PRStatus
-nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der, NSSArena *arena, 
+nssPKIX509_GetIssuerAndSerialFromDER(NSSDER *der,
                                      NSSDER *issuer, NSSDER *serial)
 {
-    SECStatus secrv;
-    SECItem derCert;
+    SECItem derCert   = { 0 };
     SECItem derIssuer = { 0 };
     SECItem derSerial = { 0 };
-    SECITEM_FROM_NSSITEM(&derCert, der);
-    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
+    SECStatus secrv;
+    derCert.data = (unsigned char *)der->data;
+    derCert.len = der->size;
+    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
     if (secrv != SECSuccess) {
 	return PR_FAILURE;
     }
-    (void)nssItem_Create(arena, serial, derSerial.len, derSerial.data);
-    secrv = CERT_IssuerNameFromDERCert(&derCert, &derIssuer);
+    secrv = CERT_SerialNumberFromDERCert(&derCert, &derSerial);
     if (secrv != SECSuccess) {
 	PORT_Free(derSerial.data);
 	return PR_FAILURE;
     }
-    (void)nssItem_Create(arena, issuer, derIssuer.len, derIssuer.data);
-    PORT_Free(derSerial.data);
-    PORT_Free(derIssuer.data);
+    issuer->data = derIssuer.data;
+    issuer->size = derIssuer.len;
+    serial->data = derSerial.data;
+    serial->size = derSerial.len;
     return PR_SUCCESS;
 }
 
@@ -855,6 +856,8 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
     CERTCertificate *cc = NULL;
     CERTCertTrust certTrust;
 
+    /* make sure object does not go away until we finish */
+    nssPKIObject_AddRef(&c->object);
     nssPKIObject_Lock(&c->object);
 
     dc = c->decoding;
@@ -904,6 +907,7 @@ stan_GetCERTCertificate(NSSCertificate *c, PRBool forceUpdate)
 
   loser:
     nssPKIObject_Unlock(&c->object);
+    nssPKIObject_Destroy(&c->object);
     return cc;
 }
 
@@ -1270,6 +1274,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
     int failureCount = 0;        /* actual deletion failures by devices */
     int index;
 
+    nssPKIObject_AddRef(tObject);
     nssPKIObject_Lock(tObject);
     /* Keep going even if a module fails to delete. */
     for (index = 0; index < tObject->numInstances; index++) {
@@ -1303,6 +1308,7 @@ DeleteCertTrustMatchingSlot(PK11SlotInfo *pk11slot, nssPKIObject *tObject)
     }
 
     nssPKIObject_Unlock(tObject);
+    nssPKIObject_Destroy(tObject);
 
     return failureCount == 0 ? PR_SUCCESS : PR_FAILURE;
 }
@@ -1329,6 +1335,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c)
      * loop so that once it's failed the other gets set.
      */
     NSSRWLock_LockRead(td->tokensLock);
+    nssPKIObject_AddRef(cobject);
     nssPKIObject_Lock(cobject);
     for (i = 0; i < cobject->numInstances; i++) {
 	nssCryptokiObject *cInstance = cobject->instances[i];
@@ -1343,6 +1350,7 @@ STAN_DeleteCertTrustMatchingSlot(NSSCertificate *c)
 	}
     }
     nssPKIObject_Unlock(cobject);
+    nssPKIObject_Destroy(cobject);
     NSSRWLock_UnlockRead(td->tokensLock);
     return nssrv;
 }