|
 |
4604e0 |
From 67fdfef9a786fdd08da5456fca6fb30ff0d27be0 Mon Sep 17 00:00:00 2001
|
|
|
4604e0 |
From: Kamil Dudka <kdudka@redhat.com>
|
|
|
4604e0 |
Date: Mon, 24 Apr 2017 15:01:04 +0200
|
|
|
4604e0 |
Subject: [PATCH] nss: do not leak PKCS #11 slot while loading a key
|
|
|
4604e0 |
|
|
|
4604e0 |
It could prevent nss-pem from being unloaded later on.
|
|
|
4604e0 |
|
|
|
4604e0 |
Bug: https://bugzilla.redhat.com/1444860
|
|
|
4604e0 |
|
|
|
4604e0 |
Upstream-commit: c8ea86f377a2f341db635ec96f99314023b5a8f3
|
|
|
4604e0 |
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
|
|
4604e0 |
---
|
|
|
4604e0 |
lib/nss.c | 6 ++++--
|
|
|
4604e0 |
1 file changed, 4 insertions(+), 2 deletions(-)
|
|
|
4604e0 |
|
|
|
4604e0 |
diff --git a/lib/nss.c b/lib/nss.c
|
|
|
4604e0 |
index b73a1e8..86775b4 100644
|
|
|
4604e0 |
--- a/lib/nss.c
|
|
|
4604e0 |
+++ b/lib/nss.c
|
|
|
4604e0 |
@@ -551,7 +551,7 @@ fail:
|
|
|
4604e0 |
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
|
|
4604e0 |
char *key_file)
|
|
|
4604e0 |
{
|
|
|
4604e0 |
- PK11SlotInfo *slot;
|
|
|
4604e0 |
+ PK11SlotInfo *slot, *tmp;
|
|
|
4604e0 |
SECStatus status;
|
|
|
4604e0 |
CURLcode rv;
|
|
|
4604e0 |
struct ssl_connect_data *ssl = conn->ssl;
|
|
|
4604e0 |
@@ -568,7 +568,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
|
|
|
4604e0 |
return CURLE_SSL_CERTPROBLEM;
|
|
|
4604e0 |
|
|
|
4604e0 |
/* This will force the token to be seen as re-inserted */
|
|
|
4604e0 |
- SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
|
|
|
4604e0 |
+ tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
|
|
|
4604e0 |
+ if(tmp)
|
|
|
4604e0 |
+ PK11_FreeSlot(tmp);
|
|
|
4604e0 |
PK11_IsPresent(slot);
|
|
|
4604e0 |
|
|
|
4604e0 |
status = PK11_Authenticate(slot, PR_TRUE,
|
|
|
4604e0 |
--
|
|
|
4604e0 |
2.13.5
|
|
|
4604e0 |
|