cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] nss: start with no database if the selected database is broken

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 15 Aug 2011 14:21:55 +0200 (CEST)

On Mon, 15 Aug 2011, Kamil Dudka wrote:

> the attached patch allows curl to initialize SSL, even if the NSS database
> is broken. Originally reported at https://bugzilla.redhat.com/728562 .
> Any feedback welcome!

I only have one comment that isn't even strictly on topic but I came to think
of it now when reading the patch. This particular code is however now new.

> + char *certpath = PR_smprintf("%s%s", use_sql ? "sql:" : "", cert_dir);

The code doesn't check for failure, so in OOM situations the code following
this will read from NULL. That made me think if you shouldn't rather use our
own aprintf() instead of PR_smprintf() there as then we'd get that memory
allocation tested in our torture tests.

Either way, it should check 'certpath' for NULL.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-08-15