liupeng wrote:
Hi,
I have a question about sslsample in NSS.
In sslsample server.c function setupSSLSocket,line 260,as follow:
secStatus = SSL_BadCertHook(sslSocket,
(SSLBadCertHandler)myBadCertHandler, &certErr);
And in sslsample.c function myBadCertHandler line 179,as follow:
*(PRErrorCode *)arg = err = PORT_GetError();
I guess when an invalid client cert provide,it will call
myBadCertHandler,and set error to arg.
But unfortunately,the arg certErr is declared in function
setupSSLSocket,when this function exit,the memoryspace allocate for certErr
was took back by OS.And when myBadCertHandler was called,it will use an
invalid address to set error code.
This is my own opinion,thanks
You're quite right. Thanks for finding and reporting this bug.
Please file a bug report on this in bugzilla.mozilla.org.
I invite you to attach a patch to that bug, correcting the error.
Thanks for helping to make the sample code more exemplary.
--
Nelson B
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
