rpms/curl/devel curl-7.19.5-cc_refcnt-1.patch, NONE, 1.1 curl-7.19.5-cc_refcnt-2.patch, NONE, 1.1 curl.spec, 1.104, 1.105
Kamil Dudka
kdudka at fedoraproject.org
Fri Jul 10 12:27:52 UTC 2009
- Previous message (by thread): rpms/python-application/EL-4 .cvsignore, 1.2, 1.3 import.log, 1.1, 1.2 python-application.spec, 1.1, 1.2 sources, 1.2, 1.3
- Next message (by thread): rpms/curl/devel curl-7.19.5-cc_refcnt-2.patch,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: kdudka
Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17186
Modified Files:
curl.spec
Added Files:
curl-7.19.5-cc_refcnt-1.patch curl-7.19.5-cc_refcnt-2.patch
Log Message:
fix SIGSEGV when using NSS client certificates
curl-7.19.5-cc_refcnt-1.patch:
--- NEW FILE curl-7.19.5-cc_refcnt-1.patch ---
diff -ruNp curl-7.19.5.orig/lib/nss.c curl-7.19.5/lib/nss.c
--- curl-7.19.5.orig/lib/nss.c 2009-05-11 11:13:49.000000000 +0200
+++ curl-7.19.5/lib/nss.c 2009-07-10 13:26:15.000000000 +0200
@@ -786,7 +786,8 @@ static SECStatus SelectClientCert(void *
struct CERTCertificateStr **pRetCert,
struct SECKEYPrivateKeyStr **pRetKey)
{
- SECKEYPrivateKey *privKey;
+ SECKEYPrivateKey *privKey = NULL;
+ CERTCertificate *cert;
struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
char *nickname = connssl->client_nickname;
void *proto_win = NULL;
@@ -799,36 +800,32 @@ static SECStatus SelectClientCert(void *
if(!nickname)
return secStatus;
- connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
- if(connssl->client_cert) {
-
+ cert = PK11_FindCertFromNickname(nickname, proto_win);
+ if(cert) {
if(!strncmp(nickname, "PEM Token", 9)) {
CK_SLOT_ID slotID = 1; /* hardcoded for now */
char slotname[SLOTSIZE];
snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
slot = PK11_FindSlotByName(slotname);
- privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
+ privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
PK11_FreeSlot(slot);
if(privKey) {
secStatus = SECSuccess;
}
}
else {
- privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
if(privKey)
secStatus = SECSuccess;
}
}
- if(secStatus == SECSuccess) {
- *pRetCert = connssl->client_cert;
- *pRetKey = privKey;
- }
- else {
- if(connssl->client_cert)
- CERT_DestroyCertificate(connssl->client_cert);
- connssl->client_cert = NULL;
- }
+ *pRetCert = cert;
+ *pRetKey = privKey;
+
+ /* There's no need to destroy either cert or privKey as
+ * NSS will do that for us even if returning SECFailure
+ */
return secStatus;
}
@@ -912,14 +909,14 @@ void Curl_nss_close(struct connectdata *
free(connssl->client_nickname);
connssl->client_nickname = NULL;
}
- if(connssl->client_cert)
- CERT_DestroyCertificate(connssl->client_cert);
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
if(connssl->key)
(void)PK11_DestroyGenericObject(connssl->key);
if(connssl->cacert[1])
(void)PK11_DestroyGenericObject(connssl->cacert[1]);
if(connssl->cacert[0])
(void)PK11_DestroyGenericObject(connssl->cacert[0]);
+#endif
connssl->handle = NULL;
}
}
@@ -955,10 +952,11 @@ CURLcode Curl_nss_connect(struct connect
if (connssl->state == ssl_connection_complete)
return CURLE_OK;
- connssl->client_cert = NULL;
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
connssl->cacert[0] = NULL;
connssl->cacert[1] = NULL;
connssl->key = NULL;
+#endif
/* FIXME. NSS doesn't support multiple databases open at the same time. */
PR_Lock(nss_initlock);
diff -ruNp curl-7.19.5.orig/lib/urldata.h curl-7.19.5/lib/urldata.h
--- curl-7.19.5.orig/lib/urldata.h 2009-05-11 09:53:38.000000000 +0200
+++ curl-7.19.5/lib/urldata.h 2009-07-10 13:30:55.000000000 +0200
@@ -211,7 +211,6 @@ struct ssl_connect_data {
#ifdef USE_NSS
PRFileDesc *handle;
char *client_nickname;
- CERTCertificate *client_cert;
#ifdef HAVE_PK11_CREATEGENERICOBJECT
PK11GenericObject *key;
PK11GenericObject *cacert[2];
curl-7.19.5-cc_refcnt-2.patch:
--- NEW FILE curl-7.19.5-cc_refcnt-2.patch ---
diff -ruNp curl-7.19.5.orig/lib/nss.c curl-7.19.5/lib/nss.c
--- curl-7.19.5.orig/lib/nss.c 2009-07-10 13:54:34.592293130 +0200
+++ curl-7.19.5/lib/nss.c 2009-07-10 13:54:48.250293559 +0200
@@ -856,9 +856,17 @@ void Curl_nss_cleanup(void)
* as a safety feature.
*/
PR_Lock(nss_initlock);
+
+ /* Free references to client certificates held in the SSL session cache.
+ * Omitting this hampers destruction of the security module owning
+ * the certificates. */
+ SSL_ClearSessionCache();
+
if (initialized) {
- if(mod)
+ if(mod) {
+ SECMOD_UnloadUserModule(mod);
SECMOD_DestroyModule(mod);
+ }
mod = NULL;
NSS_Shutdown();
}
Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.104
retrieving revision 1.105
diff -u -p -r1.104 -r1.105
--- curl.spec 5 Jul 2009 18:44:07 -0000 1.104
+++ curl.spec 10 Jul 2009 12:27:52 -0000 1.105
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.5
-Release: 6%{?dist}
+Release: 7%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -10,6 +10,8 @@ Patch1: curl-7.15.3-multilib.patch
Patch2: curl-7.16.0-privlibs.patch
Patch3: curl-7.17.1-badsocket.patch
Patch4: curl-7.19.4-debug.patch
+Patch5: curl-7.19.5-cc_refcnt-1.patch
+Patch6: curl-7.19.5-cc_refcnt-2.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -54,6 +56,8 @@ use cURL's capabilities internally.
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
+%patch6 -p1
# Convert docs to UTF-8
for f in CHANGES README; do
@@ -136,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Fri Jul 10 2009 Kamil Dudka <kdudka at redhat.com> 7.19.5-7
+- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson
+
* Sun Jul 05 2009 Kamil Dudka <kdudka at redhat.com> 7.19.5-6
- force test suite to use the just built libcurl, thanks to Paul Howarth
- Previous message (by thread): rpms/python-application/EL-4 .cvsignore, 1.2, 1.3 import.log, 1.1, 1.2 python-application.spec, 1.1, 1.2 sources, 1.2, 1.3
- Next message (by thread): rpms/curl/devel curl-7.19.5-cc_refcnt-2.patch,1.1,1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list