nss: avoid memory leak on SSL connection failure

2011-02-17 17:43:52 +01:00 · 2011-02-17 17:43:52 +01:00 · 579095349b
commit 579095349b
parent 4fddd46419
2 changed files with 53 additions and 0 deletions
--- a/0001-curl-7.21.4-a40f58d.patch
+++ b/0001-curl-7.21.4-a40f58d.patch
@ -0,0 +1,46 @@
+From 292debd50217ca5e548d8e4b5b2ce93014884f6d Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 17 Feb 2011 17:37:24 +0100
+Subject: [PATCH] nss: avoid memory leak on SSL connection failure
+
+---
+ lib/nss.c |    9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index e115ac9..d26ad5b 100644
+--- a/lib/nss.c
+++ b/lib/nss.c
+@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
+ #ifdef HAVE_PK11_CREATEGENERICOBJECT
+     /* destroy all NSS objects in order to avoid failure of NSS shutdown */
+     Curl_llist_destroy(connssl->obj_list, NULL);
+    connssl->obj_list = NULL;
+ #endif
+     connssl->handle = NULL;
+   }
+@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+   /* make the socket nonblocking */
+   sock_opt.option = PR_SockOpt_Nonblocking;
+   sock_opt.value.non_blocking = PR_TRUE;
+-  if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+  if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
+     goto error;
+ 
+   if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+   if(model)
+     PR_Close(model);
+ 
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
+    /* cleanup on connection failure */
+    Curl_llist_destroy(connssl->obj_list, NULL);
+    connssl->obj_list = NULL;
+#endif
+
+   if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
+     /* schedule reconnect through Curl_retry_request() */
+     data->state.ssl_connect_retry = TRUE;
+-- 
+1.7.4
+
--- a/curl.spec
+++ b/curl.spec
@ -8,6 +8,9 @@ Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 Source3: hide_selinux.c

+# avoid memory leak on SSL connection failure
+Patch1: 0001-curl-7.21.4-a40f58d.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch

@ -103,6 +106,9 @@ for f in CHANGES README; do
    mv -f ${f}.utf8 ${f}
 done

+# upstream patches (already applied)
+%patch1 -p1
+
 # Fedora patches
 %patch101 -p1
 %patch102 -p1
@ -216,6 +222,7 @@ rm -rf $RPM_BUILD_ROOT
 %changelog
 * Thu Feb 17 2011 Kamil Dudka <kdudka@redhat.com> 7.21.4-1
 - new upstream release
+- avoid memory leak on SSL connection failure (upstream commit a40f58d)

 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.21.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild