curl/0001-curl-7.21.4-a40f58d.patch

From 292debd50217ca5e548d8e4b5b2ce93014884f6d Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 17 Feb 2011 17:37:24 +0100
Subject: [PATCH] nss: avoid memory leak on SSL connection failure

---
 lib/nss.c |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)

diff --git a/lib/nss.c b/lib/nss.c
index e115ac9..d26ad5b 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
 #ifdef HAVE_PK11_CREATEGENERICOBJECT
     /* destroy all NSS objects in order to avoid failure of NSS shutdown */
     Curl_llist_destroy(connssl->obj_list, NULL);
+    connssl->obj_list = NULL;
 #endif
     connssl->handle = NULL;
   }
@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   /* make the socket nonblocking */
   sock_opt.option = PR_SockOpt_Nonblocking;
   sock_opt.value.non_blocking = PR_TRUE;
-  if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
     goto error;
 
   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
   if(model)
     PR_Close(model);
 
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
+    /* cleanup on connection failure */
+    Curl_llist_destroy(connssl->obj_list, NULL);
+    connssl->obj_list = NULL;
+#endif
+
   if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
     /* schedule reconnect through Curl_retry_request() */
     data->state.ssl_connect_retry = TRUE;
-- 
1.7.4
nss: avoid memory leak on SSL connection failure 2011-02-17 16:43:52 +00:00			`From 292debd50217ca5e548d8e4b5b2ce93014884f6d Mon Sep 17 00:00:00 2001`
			`From: Kamil Dudka <kdudka@redhat.com>`
			`Date: Thu, 17 Feb 2011 17:37:24 +0100`
			`Subject: [PATCH] nss: avoid memory leak on SSL connection failure`

			`---`
			`lib/nss.c \| 9 ++++++++-`
			`1 files changed, 8 insertions(+), 1 deletions(-)`

			`diff --git a/lib/nss.c b/lib/nss.c`
			`index e115ac9..d26ad5b 100644`
			`--- a/lib/nss.c`
			`+++ b/lib/nss.c`
			`@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)`
			`#ifdef HAVE_PK11_CREATEGENERICOBJECT`
			`/* destroy all NSS objects in order to avoid failure of NSS shutdown */`
			`Curl_llist_destroy(connssl->obj_list, NULL);`
			`+ connssl->obj_list = NULL;`
			`#endif`
			`connssl->handle = NULL;`
			`}`
			`@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)`
			`/* make the socket nonblocking */`
			`sock_opt.option = PR_SockOpt_Nonblocking;`
			`sock_opt.value.non_blocking = PR_TRUE;`
			`- if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)`
			`+ if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)`
			`goto error;`

			`if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)`
			`@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)`
			`if(model)`
			`PR_Close(model);`

			`+#ifdef HAVE_PK11_CREATEGENERICOBJECT`
			`+ /* cleanup on connection failure */`
			`+ Curl_llist_destroy(connssl->obj_list, NULL);`
			`+ connssl->obj_list = NULL;`
			`+#endif`
			`+`
			`if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {`
			`/* schedule reconnect through Curl_retry_request() */`
			`data->state.ssl_connect_retry = TRUE;`
			`--`
			`1.7.4`