diff options
| author | tbarzic@chromium.org <tbarzic@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-29 01:12:27 +0000 |
|---|---|---|
| committer | tbarzic@chromium.org <tbarzic@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-01-29 01:12:27 +0000 |
| commit | 6b2370f6b705b41f4b012935ff655a5ae1a5b65d (patch) | |
| tree | 67886e76ff2936406734fd6a275c206be8e2bcca /chromeos/network | |
| parent | e614ad418e235707b20f71671b45617d28579109 (diff) | |
| download | chromium_src-6b2370f6b705b41f4b012935ff655a5ae1a5b65d.zip chromium_src-6b2370f6b705b41f4b012935ff655a5ae1a5b65d.tar.gz chromium_src-6b2370f6b705b41f4b012935ff655a5ae1a5b65d.tar.bz2 | |
Fix a leak in client_cert_resolver
BUG=272596
TEST=chromeos_unittests under valgrind
Review URL: https://codereview.chromium.org/145273015
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@247558 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos/network')
| -rw-r--r-- | chromeos/network/client_cert_resolver.cc | 7 | ||||
| -rw-r--r-- | chromeos/network/client_cert_util.cc | 8 |
2 files changed, 9 insertions, 6 deletions
diff --git a/chromeos/network/client_cert_resolver.cc b/chromeos/network/client_cert_resolver.cc index 52c6612a..dd66e94 100644 --- a/chromeos/network/client_cert_resolver.cc +++ b/chromeos/network/client_cert_resolver.cc @@ -30,6 +30,7 @@ #include "chromeos/tpm_token_loader.h" #include "components/onc/onc_constants.h" #include "dbus/object_path.h" +#include "net/cert/scoped_nss_types.h" #include "net/cert/x509_certificate.h" namespace chromeos { @@ -147,15 +148,15 @@ void FindCertificateMatches(const net::CertificateList& certs, !HasPrivateKey(cert)) { continue; } - net::X509Certificate::OSCertHandle issuer_handle = - CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA); + net::ScopedCERTCertificate issuer_handle( + CERT_FindCertIssuer(cert.os_cert_handle(), PR_Now(), certUsageAnyCA)); if (!issuer_handle) { LOG(ERROR) << "Couldn't find an issuer."; continue; } scoped_refptr<net::X509Certificate> issuer = net::X509Certificate::CreateFromHandle( - issuer_handle, + issuer_handle.get(), net::X509Certificate::OSCertHandles() /* no intermediate certs */); if (!issuer) { LOG(ERROR) << "Couldn't create issuer cert."; diff --git a/chromeos/network/client_cert_util.cc b/chromeos/network/client_cert_util.cc index a7ece77..c62c9ab 100644 --- a/chromeos/network/client_cert_util.cc +++ b/chromeos/network/client_cert_util.cc @@ -16,6 +16,7 @@ #include "net/base/net_errors.h" #include "net/cert/cert_database.h" #include "net/cert/nss_cert_database.h" +#include "net/cert/scoped_nss_types.h" #include "net/cert/x509_cert_types.h" #include "net/cert/x509_certificate.h" #include "third_party/cros_system_api/dbus/service_constants.h" @@ -71,14 +72,15 @@ class IssuerCaFilter { // Find the certificate issuer for each certificate. // TODO(gspencer): this functionality should be available from // X509Certificate or NSSCertDatabase. - CERTCertificate* issuer_cert = CERT_FindCertIssuer( - cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA); + net::ScopedCERTCertificate issuer_cert(CERT_FindCertIssuer( + cert.get()->os_cert_handle(), PR_Now(), certUsageAnyCA)); if (!issuer_cert) return true; std::string pem_encoded; - if (!net::X509Certificate::GetPEMEncoded(issuer_cert, &pem_encoded)) { + if (!net::X509Certificate::GetPEMEncoded(issuer_cert.get(), + &pem_encoded)) { LOG(ERROR) << "Couldn't PEM-encode certificate."; return true; } |