Blame SOURCES/0057-curl-7.29.0-nss-obj-leak.patch

f0f8d7
From 543ba995e5beb83a754a8f844491446747c83572 Mon Sep 17 00:00:00 2001
f0f8d7
From: Kamil Dudka <kdudka@redhat.com>
f0f8d7
Date: Thu, 8 Feb 2018 11:23:49 +0100
f0f8d7
Subject: [PATCH] nss: use PK11_CreateManagedGenericObject() if available
f0f8d7
f0f8d7
... so that the memory allocated by applications using libcurl does not
f0f8d7
grow per each TLS connection.
f0f8d7
f0f8d7
Bug: https://bugzilla.redhat.com/1510247
f0f8d7
f0f8d7
Closes #2297
f0f8d7
f0f8d7
Upstream-commit: 1605d93a7b8ac4b7f348e304e018e9d15ffaabf0
f0f8d7
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
f0f8d7
---
f0f8d7
 configure            | 10 ++++++++++
f0f8d7
 configure.ac         |  9 +++++++++
f0f8d7
 lib/curl_config.h.in |  3 +++
f0f8d7
 lib/nss.c            | 12 +++++++++++-
f0f8d7
 4 files changed, 33 insertions(+), 1 deletion(-)
f0f8d7
f0f8d7
diff --git a/configure b/configure
f0f8d7
index fc260ee..3c77748 100755
f0f8d7
--- a/configure
f0f8d7
+++ b/configure
f0f8d7
@@ -23753,6 +23753,16 @@ $as_echo "$as_me: detected NSS version $version" >&6;}
f0f8d7
                 NSS_LIBS=$addlib
f0f8d7
 
f0f8d7
 
f0f8d7
+                                ac_fn_c_check_func "$LINENO" "PK11_CreateManagedGenericObject" "ac_cv_func_PK11_CreateManagedGenericObject"
f0f8d7
+if test "x$ac_cv_func_PK11_CreateManagedGenericObject" = xyes; then :
f0f8d7
+
f0f8d7
+
f0f8d7
+$as_echo "#define HAVE_PK11_CREATEMANAGEDGENERICOBJECT 1" >>confdefs.h
f0f8d7
+
f0f8d7
+
f0f8d7
+fi
f0f8d7
+
f0f8d7
+
f0f8d7
                                         if test "x$cross_compiling" != "xyes"; then
f0f8d7
           LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff"
f0f8d7
           export LD_LIBRARY_PATH
f0f8d7
diff --git a/configure.ac b/configure.ac
f0f8d7
index 9612c2f..887ded9 100644
f0f8d7
--- a/configure.ac
f0f8d7
+++ b/configure.ac
f0f8d7
@@ -2216,6 +2216,15 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
f0f8d7
         NSS_LIBS=$addlib
f0f8d7
         AC_SUBST([NSS_LIBS])
f0f8d7
 
f0f8d7
+        dnl PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
f0f8d7
+        dnl PK11_DestroyGenericObject() does not release resources allocated by
f0f8d7
+        dnl PK11_CreateGenericObject() early enough.
f0f8d7
+        AC_CHECK_FUNC(PK11_CreateManagedGenericObject,
f0f8d7
+          [
f0f8d7
+            AC_DEFINE(HAVE_PK11_CREATEMANAGEDGENERICOBJECT, 1,
f0f8d7
+                      [if you have the PK11_CreateManagedGenericObject function])
f0f8d7
+          ])
f0f8d7
+
f0f8d7
         dnl when shared libs were found in a path that the run-time
f0f8d7
         dnl linker doesn't search through, we need to add it to
f0f8d7
         dnl LD_LIBRARY_PATH to prevent further configure tests to fail
f0f8d7
diff --git a/lib/curl_config.h.in b/lib/curl_config.h.in
f0f8d7
index 19b66fa..9db354b 100644
f0f8d7
--- a/lib/curl_config.h.in
f0f8d7
+++ b/lib/curl_config.h.in
f0f8d7
@@ -503,6 +503,9 @@
f0f8d7
 /* Define to 1 if you have the `pipe' function. */
f0f8d7
 #undef HAVE_PIPE
f0f8d7
 
f0f8d7
+/* if you have the PK11_CreateManagedGenericObject function */
f0f8d7
+#undef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
f0f8d7
+
f0f8d7
 /* Define to 1 if you have a working poll function. */
f0f8d7
 #undef HAVE_POLL
f0f8d7
 
f0f8d7
diff --git a/lib/nss.c b/lib/nss.c
f0f8d7
index 1b8abd3..31e5d75 100644
f0f8d7
--- a/lib/nss.c
f0f8d7
+++ b/lib/nss.c
f0f8d7
@@ -399,7 +399,17 @@ static CURLcode nss_create_object(struct ssl_connect_data *ssl,
f0f8d7
     PK11_SETATTRS(attrs, attr_cnt, CKA_TRUST, pval, sizeof(*pval));
f0f8d7
   }
f0f8d7
 
f0f8d7
-  obj = PK11_CreateGenericObject(slot, attrs, attr_cnt, PR_FALSE);
f0f8d7
+  /* PK11_CreateManagedGenericObject() was introduced in NSS 3.34 because
f0f8d7
+   * PK11_DestroyGenericObject() does not release resources allocated by
f0f8d7
+   * PK11_CreateGenericObject() early enough.  */
f0f8d7
+  obj =
f0f8d7
+#ifdef HAVE_PK11_CREATEMANAGEDGENERICOBJECT
f0f8d7
+    PK11_CreateManagedGenericObject
f0f8d7
+#else
f0f8d7
+    PK11_CreateGenericObject
f0f8d7
+#endif
f0f8d7
+    (slot, attrs, attr_cnt, PR_FALSE);
f0f8d7
+
f0f8d7
   PK11_FreeSlot(slot);
f0f8d7
   if(!obj)
f0f8d7
     return err;
f0f8d7
-- 
f0f8d7
2.13.6
f0f8d7