moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity

nss: do not leak PKCS #11 slot while loading a key 

It could prevent nss-pem from being unloaded later on.

Bug: https://bugzilla.redhat.com/1444860
This commit is contained in:
Kamil Dudka 2017-04-24 15:01:04 +02:00
parent 9c5aed1852
commit c8ea86f377
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/vtls/nss.c
View File

@ -603,7 +603,7 @@ fail:
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
char *key_file)
{
PK11SlotInfo *slot;
PK11SlotInfo *slot, *tmp;
SECStatus status;
CURLcode result;
struct ssl_connect_data *ssl = conn->ssl;
@ -622,7 +622,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
return CURLE_SSL_CERTPROBLEM;
/* This will force the token to be seen as re-inserted */
SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
if(tmp)
PK11_FreeSlot(tmp);
PK11_IsPresent(slot);
status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));