From a40f58d2efac45dad7e12ea53870f42c825bcf0d Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Thu, 17 Feb 2011 17:37:24 +0100 Subject: [PATCH] nss: avoid memory leak on SSL connection failure --- RELEASE-NOTES | 1 + lib/nss.c | 9 ++++++++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 63bb75d13..ccd2eba80 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -13,6 +13,7 @@ This release includes the following changes: This release includes the following bugfixes: + o nss: avoid memory leak on SSL connection failure o This release includes the following known bugs: diff --git a/lib/nss.c b/lib/nss.c index e115ac912..d26ad5b78 100644 --- a/lib/nss.c +++ b/lib/nss.c @@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex) #ifdef HAVE_PK11_CREATEGENERICOBJECT /* destroy all NSS objects in order to avoid failure of NSS shutdown */ Curl_llist_destroy(connssl->obj_list, NULL); + connssl->obj_list = NULL; #endif connssl->handle = NULL; } @@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) /* make the socket nonblocking */ sock_opt.option = PR_SockOpt_Nonblocking; sock_opt.value.non_blocking = PR_TRUE; - if(PR_SetSocketOption(model, &sock_opt) != SECSuccess) + if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS) goto error; if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess) @@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex) if(model) PR_Close(model); +#ifdef HAVE_PK11_CREATEGENERICOBJECT + /* cleanup on connection failure */ + Curl_llist_destroy(connssl->obj_list, NULL); + connssl->obj_list = NULL; +#endif + if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) { /* schedule reconnect through Curl_retry_request() */ data->state.ssl_connect_retry = TRUE;