[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 24/254: nss: do not leak PKCS #11 slot while loadin
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [gnurl] 24/254: nss: do not leak PKCS #11 slot while loading a key |
|
Date: |
Sat, 17 Jun 2017 16:50:56 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.54.1
in repository gnurl.
commit c8ea86f377a2f341db635ec96f99314023b5a8f3
Author: Kamil Dudka <address@hidden>
AuthorDate: Mon Apr 24 15:01:04 2017 +0200
nss: do not leak PKCS #11 slot while loading a key
It could prevent nss-pem from being unloaded later on.
Bug: https://bugzilla.redhat.com/1444860
---
lib/vtls/nss.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index e1a122947..0e57ab45d 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -603,7 +603,7 @@ fail:
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
char *key_file)
{
- PK11SlotInfo *slot;
+ PK11SlotInfo *slot, *tmp;
SECStatus status;
CURLcode result;
struct ssl_connect_data *ssl = conn->ssl;
@@ -622,7 +622,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int
sockindex,
return CURLE_SSL_CERTPROBLEM;
/* This will force the token to be seen as re-inserted */
- SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+ tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+ if(tmp)
+ PK11_FreeSlot(tmp);
PK11_IsPresent(slot);
status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 17/254: nss: adapt to the new Curl_llist API, (continued)
- [GNUnet-SVN] [gnurl] 17/254: nss: adapt to the new Curl_llist API, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 35/254: test1443: test --remote-time, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 12/254: schannel: Don't treat encrypted partial record as pending data, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 58/254: http: don't clobber the receive buffer for timecond, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 15/254: RELEASE-NOTES: synced with c68fed875, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 16/254: curl-compilers.m4: accept -Og and -Ofast GCC flags, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 19/254: if2ip: fix -Wcast-align warning, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 53/254: http: use private user:password output buffer, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 07/254: typecheck-gcc: handle function pointers properly, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 23/254: typecheck-gcc: fix _curl_is_slist_info, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 24/254: nss: do not leak PKCS #11 slot while loading a key,
gnunet <=
- [GNUnet-SVN] [gnurl] 09/254: gnutls: removed some code when --disable-verbose is configured, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 69/254: openssl: use local stack for temp storage, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 78/254: abstract-unix-socket.d: shorten the help text to fit within 79 cols, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 18/254: Makefile: avoid use of GNU-specific form of $<, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 33/254: cookie_interface.c: changed the other domain to example.com too, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 26/254: nss: load libnssckbi.so if no other trust is specified, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 29/254: http-proxy: remove unused argument from Curl_proxyCONNECT(), gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 36/254: tool_operate: use utimes instead of obsolescent utime when available, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 32/254: cookie_interface.c: fix cookie domain so the example works, gnunet, 2017/06/17
- [GNUnet-SVN] [gnurl] 87/254: test557: set a known good numeric locale, gnunet, 2017/06/17