rpms/curl/devel curl-7.19.4-nss-leak2.patch, NONE, 1.1 curl.spec, 1.96, 1.97
Kamil Dudka
kdudka at fedoraproject.org
Mon Apr 27 08:37:55 UTC 2009
- Previous message (by thread): rpms/backintime/F-10 backintime-0.9.22-remove-checks.patch, NONE, 1.1 backintime.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/perl-Text-CSV/devel import.log, NONE, 1.1 perl-Text-CSV.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kdudka
Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12028
Modified Files:
curl.spec
Added Files:
curl-7.19.4-nss-leak2.patch
Log Message:
fix curl/nss memory leaks while using client certificate (#453612)
curl-7.19.4-nss-leak2.patch:
--- NEW FILE curl-7.19.4-nss-leak2.patch ---
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
--- curl-7.19.4.orig/lib/nss.c 2009-04-27 09:48:12.548102000 +0200
+++ curl-7.19.4/lib/nss.c 2009-04-27 09:48:32.993420443 +0200
@@ -527,6 +527,7 @@ static int nss_load_key(struct connectda
return 0;
}
free(parg);
+ PK11_FreeSlot(slot);
return 1;
#else
@@ -819,9 +820,9 @@ static SECStatus SelectClientCert(void *
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
{
- CERTCertificate *cert;
SECKEYPrivateKey *privKey;
- char *nickname = (char *)arg;
+ struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
+ char *nickname = connssl->client_nickname;
void *proto_win = NULL;
SECStatus secStatus = SECFailure;
PK11SlotInfo *slot;
@@ -832,34 +833,35 @@ static SECStatus SelectClientCert(void *
if(!nickname)
return secStatus;
- cert = PK11_FindCertFromNickname(nickname, proto_win);
- if(cert) {
+ connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
+ if(connssl->client_cert) {
if(!strncmp(nickname, "PEM Token", 9)) {
CK_SLOT_ID slotID = 1; /* hardcoded for now */
char slotname[SLOTSIZE];
snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
slot = PK11_FindSlotByName(slotname);
- privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
+ privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
PK11_FreeSlot(slot);
if(privKey) {
secStatus = SECSuccess;
}
}
else {
- privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+ privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
if(privKey)
secStatus = SECSuccess;
}
}
if(secStatus == SECSuccess) {
- *pRetCert = cert;
+ *pRetCert = connssl->client_cert;
*pRetKey = privKey;
}
else {
- if(cert)
- CERT_DestroyCertificate(cert);
+ if(connssl->client_cert)
+ CERT_DestroyCertificate(connssl->client_cert);
+ connssl->client_cert = NULL;
}
return secStatus;
@@ -891,8 +893,12 @@ void Curl_nss_cleanup(void)
* as a safety feature.
*/
PR_Lock(nss_initlock);
- if (initialized)
+ if (initialized) {
+ if(mod)
+ SECMOD_DestroyModule(mod);
+ mod = NULL;
NSS_Shutdown();
+ }
PR_Unlock(nss_initlock);
PR_DestroyLock(nss_initlock);
@@ -940,6 +946,8 @@ void Curl_nss_close(struct connectdata *
free(connssl->client_nickname);
connssl->client_nickname = NULL;
}
+ if(connssl->client_cert)
+ CERT_DestroyCertificate(connssl->client_cert);
if(connssl->key)
(void)PK11_DestroyGenericObject(connssl->key);
if(connssl->cacert[1])
@@ -981,6 +989,7 @@ CURLcode Curl_nss_connect(struct connect
if (connssl->state == ssl_connection_complete)
return CURLE_OK;
+ connssl->client_cert = NULL;
connssl->cacert[0] = NULL;
connssl->cacert[1] = NULL;
connssl->key = NULL;
@@ -1207,8 +1216,7 @@ CURLcode Curl_nss_connect(struct connect
if(SSL_GetClientAuthDataHook(model,
(SSLGetClientAuthData) SelectClientCert,
- (void *)connssl->client_nickname) !=
- SECSuccess) {
+ (void *)connssl) != SECSuccess) {
curlerr = CURLE_SSL_CERTPROBLEM;
goto error;
}
diff -ruNp curl-7.19.4.orig/lib/urldata.h curl-7.19.4/lib/urldata.h
--- curl-7.19.4.orig/lib/urldata.h 2009-04-27 09:48:12.550102000 +0200
+++ curl-7.19.4/lib/urldata.h 2009-04-27 09:48:19.821215391 +0200
@@ -211,6 +211,7 @@ struct ssl_connect_data {
#ifdef USE_NSS
PRFileDesc *handle;
char *client_nickname;
+ CERTCertificate *client_cert;
#ifdef HAVE_PK11_CREATEGENERICOBJECT
PK11GenericObject *key;
PK11GenericObject *cacert[2];
Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- curl.spec 22 Apr 2009 10:40:17 -0000 1.96
+++ curl.spec 27 Apr 2009 08:37:25 -0000 1.97
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.4
-Release: 9%{?dist}
+Release: 10%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -12,6 +12,7 @@
Patch5: curl-7.19.4-enable-aes.patch
Patch6: curl-7.19.4-nss-leak.patch
Patch7: curl-7.19.4-debug.patch
+Patch8: curl-7.19.4-nss-leak2.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -58,6 +59,7 @@
%patch5 -p1 -b .enableaes
%patch6 -p1 -b .nssleak
%patch7 -p1 -b .debug
+%patch8 -p1 -b .nssleak2
# Convert docs to UTF-8
for f in CHANGES README; do
@@ -150,6 +152,10 @@
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Mon Apr 27 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-10
+- fix curl/nss memory leaks while using client certificate (#453612, accepted
+ by upstream)
+
* Wed Apr 22 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-9
- add missing BuildRequire for autoconf
- Previous message (by thread): rpms/backintime/F-10 backintime-0.9.22-remove-checks.patch, NONE, 1.1 backintime.spec, NONE, 1.1 import.log, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/perl-Text-CSV/devel import.log, NONE, 1.1 perl-Text-CSV.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list