From ba1da47aa5080a73742ca9bc7c22ce2a703a3925 Mon Sep 17 00:00:00 2001
From: Kamil Dudka
Date: Mon, 24 Apr 2017 15:01:04 +0200
Subject: [PATCH] nss: do not leak PKCS #11 slot while loading a key

It could prevent nss-pem from being unloaded later on.
Bug: https://bugzilla.redhat.com/1444860
Upstream-commit: c8ea86f377a2f341db635ec96f99314023b5a8f3
Signed-off-by: Kamil Dudka
---
 lib/vtls/nss.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index 89a16d3..099f364 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -581,7 +581,7 @@ fail:
 static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
 char *key_file)
 {
- PK11SlotInfo *slot;
+ PK11SlotInfo *slot, *tmp;
 SECStatus status;
 CURLcode result;
 struct ssl_connect_data *ssl = conn->ssl;
@@ -600,7 +600,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
 return CURLE_SSL_CERTPROBLEM;
 /* This will force the token to be seen as re-inserted */
- SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+ tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+ if(tmp)
+ PK11_FreeSlot(tmp);
 PK11_IsPresent(slot);
 status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
-- 
2.9.3
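Review bot: The second hunk captures the result of `SECMOD_WaitForAnyTokenEvent` without a comment saying why, and the existing comment above it only describes the call's side effect. A line such as `/* the call hands back a slot reference we own; drop it so nss-pem can be unloaded */` above `if(tmp)` would stop a later cleanup from folding the call back into a bare statement and reintroducing the leak. The name `tmp`, declared at function scope in the first hunk, says nothing about what it holds; something like `event_slot` would make the ownership easier to follow. nss_load_key continues past the end of the hunk, so whether `slot` itself is released on every path after `PK11_Authenticate` cannot be confirmed from the visible lines.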