mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
nss: avoid a SIGSEGV with immature version of NSS
Bug: https://bugzilla.redhat.com/733685
This commit is contained in:
parent
06e6755e87
commit
491c5a497c
24
lib/nss.c
24
lib/nss.c
@ -382,7 +382,29 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
|
|||||||
/* libnsspem.so leaks memory if the requested file does not exist. For more
|
/* libnsspem.so leaks memory if the requested file does not exist. For more
|
||||||
* details, go to <https://bugzilla.redhat.com/734760>. */
|
* details, go to <https://bugzilla.redhat.com/734760>. */
|
||||||
if(is_file(filename))
|
if(is_file(filename))
|
||||||
return nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
|
err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
|
||||||
|
|
||||||
|
if(CURLE_OK == err && !cacert) {
|
||||||
|
/* we have successfully loaded a client certificate */
|
||||||
|
CERTCertificate *cert;
|
||||||
|
char *nickname = NULL;
|
||||||
|
char *n = strrchr(filename, '/');
|
||||||
|
if(n)
|
||||||
|
n++;
|
||||||
|
|
||||||
|
/* The following undocumented magic helps to avoid a SIGSEGV on call
|
||||||
|
* of PK11_ReadRawAttribute() from SelectClientCert() when using an
|
||||||
|
* immature version of libnsspem.so. For more details, go to
|
||||||
|
* <https://bugzilla.redhat.com/733685>. */
|
||||||
|
nickname = aprintf("PEM Token #1:%s", n);
|
||||||
|
if(nickname) {
|
||||||
|
cert = PK11_FindCertFromNickname(nickname, NULL);
|
||||||
|
if(cert)
|
||||||
|
CERT_DestroyCertificate(cert);
|
||||||
|
|
||||||
|
free(nickname);
|
||||||
|
}
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
return err;
|
return err;
|
||||||
|
Loading…
Reference in New Issue
Block a user