moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity

nss: do not leak PKCS #11 slot while loading a key

Browse Source 
It could prevent nss-pem from being unloaded later on.

Bug: https://bugzilla.redhat.com/1444860
This commit is contained in:
Kamil Dudka 2017-04-24 15:01:04 +02:00
parent 9c5aed1852
commit c8ea86f377
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/vtls/nss.c
View File

@ -603,7 +603,7 @@ fail:
static CURLcode nss_load_key(struct connectdata *conn, int sockindex, static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
char *key_file) char *key_file)
{ {
PK11SlotInfo *slot; PK11SlotInfo *slot, *tmp;
SECStatus status; SECStatus status;
CURLcode result; CURLcode result;
struct ssl_connect_data *ssl = conn->ssl; struct ssl_connect_data *ssl = conn->ssl;
@ -622,7 +622,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
return CURLE_SSL_CERTPROBLEM; return CURLE_SSL_CERTPROBLEM;
/* This will force the token to be seen as re-inserted */ /* This will force the token to be seen as re-inserted */
SECMOD_WaitForAnyTokenEvent(mod, 0, 0); tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
if(tmp)
PK11_FreeSlot(tmp);
PK11_IsPresent(slot); PK11_IsPresent(slot);
status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd)); status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));