|
 |
9d7d3f |
From 67fdfef9a786fdd08da5456fca6fb30ff0d27be0 Mon Sep 17 00:00:00 2001
|
|
|
9d7d3f |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
9d7d3f |
Date: Mon, 24 Apr 2017 15:01:04 +0200
|
|
|
9d7d3f |
Subject: [PATCH] nss: do not leak PKCS #11 slot while loading a key
|
|
|
9d7d3f |
|
|
|
9d7d3f |
It could prevent nss-pem from being unloaded later on.
|
|
|
9d7d3f |
|
|
|
9d7d3f |
Bug: https://bugzilla.redhat.com/1444860
|
|
|
9d7d3f |
|
|
|
9d7d3f |
Upstream-commit: c8ea86f377a2f341db635ec96f99314023b5a8f3
|
|
|
9d7d3f |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
9d7d3f |
---
|
|
|
9d7d3f |
lib/nss.c | 6 ++++--
|
|
|
9d7d3f |
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
|
9d7d3f |
|
|
|
9d7d3f |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
9d7d3f |
index b73a1e8..86775b4 100644
|
|
|
9d7d3f |
--- a/lib/nss.c
|
|
|
9d7d3f |
+++ b/lib/nss.c
|
|
|
9d7d3f |
@@ -551,7 +551,7 @@ fail:
|
|
|
9d7d3f |
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
|
|
9d7d3f |
char *key_file)
|
|
|
9d7d3f |
{
|
|
|
9d7d3f |
- PK11SlotInfo *slot;
|
|
|
9d7d3f |
+ PK11SlotInfo *slot, *tmp;
|
|
|
9d7d3f |
SECStatus status;
|
|
|
9d7d3f |
CURLcode rv;
|
|
|
9d7d3f |
struct ssl_connect_data *ssl = conn->ssl;
|
|
|
9d7d3f |
@@ -568,7 +568,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
|
|
9d7d3f |
return CURLE_SSL_CERTPROBLEM;
|
|
|
9d7d3f |
|
|
|
9d7d3f |
/* This will force the token to be seen as re-inserted */
|
|
|
9d7d3f |
- SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
|
|
|
9d7d3f |
+ tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
|
|
|
9d7d3f |
+ if(tmp)
|
|
|
9d7d3f |
+ PK11_FreeSlot(tmp);
|
|
|
9d7d3f |
PK11_IsPresent(slot);
|
|
|
9d7d3f |
|
|
|
9d7d3f |
status = PK11_Authenticate(slot, PR_TRUE,
|
|
|
9d7d3f |
--
|
|
|
9d7d3f |
2.13.5
|
|
|
9d7d3f |
|