fix SIGSEGV when using NSS client certificates

curl-7.19.5-cc_refcnt-1.patch

@@ -0,0 +1,101 @@
+diff -ruNp curl-7.19.5.orig/lib/nss.c curl-7.19.5/lib/nss.c
+--- curl-7.19.5.orig/lib/nss.c	2009-05-11 11:13:49.000000000 +0200
++++ curl-7.19.5/lib/nss.c	2009-07-10 13:26:15.000000000 +0200
+@@ -786,7 +786,8 @@ static SECStatus SelectClientCert(void *
+                                   struct CERTCertificateStr **pRetCert,
+                                   struct SECKEYPrivateKeyStr **pRetKey)
+ {
+-  SECKEYPrivateKey *privKey;
++  SECKEYPrivateKey *privKey = NULL;
++  CERTCertificate *cert;
+   struct ssl_connect_data *connssl = (struct ssl_connect_data *) arg;
+   char *nickname = connssl->client_nickname;
+   void *proto_win = NULL;
+@@ -799,36 +800,32 @@ static SECStatus SelectClientCert(void *
+   if(!nickname)
+     return secStatus;
+ 
+-  connssl->client_cert = PK11_FindCertFromNickname(nickname, proto_win);
+-  if(connssl->client_cert) {
+-
++  cert = PK11_FindCertFromNickname(nickname, proto_win);
++  if(cert) {
+     if(!strncmp(nickname, "PEM Token", 9)) {
+       CK_SLOT_ID slotID = 1; /* hardcoded for now */
+       char slotname[SLOTSIZE];
+       snprintf(slotname, SLOTSIZE, "PEM Token #%ld", slotID);
+       slot = PK11_FindSlotByName(slotname);
+-      privKey = PK11_FindPrivateKeyFromCert(slot, connssl->client_cert, NULL);
++      privKey = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
+       PK11_FreeSlot(slot);
+       if(privKey) {
+         secStatus = SECSuccess;
+       }
+     }
+     else {
+-      privKey = PK11_FindKeyByAnyCert(connssl->client_cert, proto_win);
++      privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+       if(privKey)
+         secStatus = SECSuccess;
+     }
+   }
+ 
+-  if(secStatus == SECSuccess) {
+-    *pRetCert = connssl->client_cert;
+-    *pRetKey = privKey;
+-  }
+-  else {
+-    if(connssl->client_cert)
+-      CERT_DestroyCertificate(connssl->client_cert);
+-    connssl->client_cert = NULL;
+-  }
++  *pRetCert = cert;
++  *pRetKey = privKey;
++  
++  /* There's no need to destroy either cert or privKey as 
++   * NSS will do that for us even if returning SECFailure
++   */
+ 
+   return secStatus;
+ }
+@@ -912,14 +909,14 @@ void Curl_nss_close(struct connectdata *
+       free(connssl->client_nickname);
+       connssl->client_nickname = NULL;
+     }
+-    if(connssl->client_cert)
+-      CERT_DestroyCertificate(connssl->client_cert);
++#ifdef HAVE_PK11_CREATEGENERICOBJECT      
+     if(connssl->key)
+       (void)PK11_DestroyGenericObject(connssl->key);
+     if(connssl->cacert[1])
+       (void)PK11_DestroyGenericObject(connssl->cacert[1]);
+     if(connssl->cacert[0])
+       (void)PK11_DestroyGenericObject(connssl->cacert[0]);
++#endif
+     connssl->handle = NULL;
+   }
+ }
+@@ -955,10 +952,11 @@ CURLcode Curl_nss_connect(struct connect
+   if (connssl->state == ssl_connection_complete)
+     return CURLE_OK;
+ 
+-  connssl->client_cert = NULL;
++#ifdef HAVE_PK11_CREATEGENERICOBJECT  
+   connssl->cacert[0] = NULL;
+   connssl->cacert[1] = NULL;
+   connssl->key = NULL;
++#endif
+ 
+   /* FIXME. NSS doesn't support multiple databases open at the same time. */
+   PR_Lock(nss_initlock);
+diff -ruNp curl-7.19.5.orig/lib/urldata.h curl-7.19.5/lib/urldata.h
+--- curl-7.19.5.orig/lib/urldata.h	2009-05-11 09:53:38.000000000 +0200
++++ curl-7.19.5/lib/urldata.h	2009-07-10 13:30:55.000000000 +0200
+@@ -211,7 +211,6 @@ struct ssl_connect_data {
+ #ifdef USE_NSS
+   PRFileDesc *handle;
+   char *client_nickname;
+-  CERTCertificate *client_cert;
+ #ifdef HAVE_PK11_CREATEGENERICOBJECT
+   PK11GenericObject *key;
+   PK11GenericObject *cacert[2];

curl-7.19.5-cc_refcnt-2.patch

@@ -0,0 +1,22 @@
+diff -ruNp curl-7.19.5.orig/lib/nss.c curl-7.19.5/lib/nss.c
+--- curl-7.19.5.orig/lib/nss.c	2009-07-10 13:54:34.592293130 +0200
++++ curl-7.19.5/lib/nss.c	2009-07-10 13:54:48.250293559 +0200
+@@ -856,9 +856,17 @@ void Curl_nss_cleanup(void)
+    * as a safety feature.
+    */
+   PR_Lock(nss_initlock);
++
++  /* Free references to client certificates held in the SSL session cache.
++   * Omitting this hampers destruction of the security module owning
++   * the certificates. */
++  SSL_ClearSessionCache();
++
+   if (initialized) {
+-    if(mod)
++    if(mod) {
++      SECMOD_UnloadUserModule(mod);
+       SECMOD_DestroyModule(mod);
++    }
+     mod = NULL;
+     NSS_Shutdown();
+   }

curl.spec

@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.5
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -10,6 +10,8 @@ Patch1: curl-7.15.3-multilib.patch
 Patch2: curl-7.16.0-privlibs.patch
 Patch3: curl-7.17.1-badsocket.patch
 Patch4: curl-7.19.4-debug.patch
+Patch5: curl-7.19.5-cc_refcnt-1.patch
+Patch6: curl-7.19.5-cc_refcnt-2.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -54,6 +56,8 @@ use cURL's capabilities internally.
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
+%patch5 -p1
+%patch6 -p1
 
 # Convert docs to UTF-8
 for f in CHANGES README; do
@@ -136,6 +140,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Fri Jul 10 2009 Kamil Dudka <kdudka@redhat.com> 7.19.5-7
+- fix SIGSEGV when using NSS client certificates, thanks to Claes Jakobsson
+
 * Sun Jul 05 2009 Kamil Dudka <kdudka@redhat.com> 7.19.5-6
 - force test suite to use the just built libcurl, thanks to Paul Howarth