From 8ac21093cd8ba66381b292c86abccf76aebc0367 Mon Sep 17 00:00:00 2001
From: Jan Vcelak
Date: Wed, 24 Aug 2011 18:48:35 +0200
Subject: [PATCH] fix: memleak - free the return of tlsm_find_and_verify_cert_key
Resolves: #725818
---
 openldap-nss-memleak-free-certs.patch | 40 +++++++++++++++++++++++++++
 openldap.spec | 3 ++
 2 files changed, 43 insertions(+)
 create mode 100644 openldap-nss-memleak-free-certs.patch
diff --git a/openldap-nss-memleak-free-certs.patch b/openldap-nss-memleak-free-certs.patch
new file mode 100644
index 0000000..f045c6c
--- /dev/null
+++ b/openldap-nss-memleak-free-certs.patch
@@ -0,0 +1,40 @@
+MozNSS: free the return of tlsm_find_and_verify_cert_key
+
+If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
+to verify them, it will leave them allocated for the caller to dispose of.
+There were a couple of places that were not disposing of the cert and key
+upon error.
+
+Author: Rich Megginson
+Upstream ITS: #7001
+Upstream commit: fb4b4f7445d9392fbae097cc861e4cfb1694dcae
+Resolves: #725818
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 7ae7d82..72fdf49 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -1811,6 +1811,14 @@ tlsm_get_client_auth_data( void *arg, PRFileDesc *fd,
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to perform client certificate authentication for "
+ "certificate named %s\n", ctx->tc_certname, 0, 0 );
++ if ( pRetKey && *pRetKey ) {
++ SECKEY_DestroyPrivateKey( *pRetKey );
++ *pRetKey = NULL;
++ }
++ if ( pRetCert && *pRetCert ) {
++ CERT_DestroyCertificate( *pRetCert );
++ *pRetCert = NULL;
++ }
+ return SECFailure;
+ }
+
+@@ -2162,6 +2170,8 @@ tlsm_deferred_ctx_init( void *arg )
+ Debug( LDAP_DEBUG_ANY,
+ "TLS: error: unable to find and verify server's cert and key for certificate %s\n",
+ ctx->tc_certname, 0, 0 );
++ CERT_DestroyCertificate( serverCert );
++ SECKEY_DestroyPrivateKey( serverKey );
+ return -1;
+ }
+
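Review bot: In the embedded tls_m.c patch, the `tlsm_deferred_ctx_init` hunk destroys `serverCert` and `serverKey` unconditionally, while the `tlsm_get_client_auth_data` hunk tests each pointer and resets it to NULL before returning. The patch description says the helper may have found only the cert or only the key, so this error path depends on both locals being initialised to NULL before the call and on the NSS destroy functions tolerating NULL; neither declaration is visible in the hunk, so that should be confirmed. Using the same guarded form here, `if ( serverCert ) CERT_DestroyCertificate( serverCert );` and `if ( serverKey ) SECKEY_DestroyPrivateKey( serverKey );`, would keep the two cleanup paths consistent and avoid releasing an indeterminate pointer. Both function bodies start and end outside the hunks.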
diff --git a/openldap.spec b/openldap.spec
index 22226b4..8e5379e 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -33,6 +33,7 @@ Patch7: openldap-nss-free-peer-cert.patch
 Patch8: openldap-nss-init-threadsafe.patch
 Patch9: openldap-nss-reqcert-hostname.patch
 Patch10: openldap-nss-verifycert.patch
+Patch11: openldap-nss-memleak-free-certs.patch
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -136,6 +137,7 @@ pushd openldap-%{version}
 %patch8 -p1 -b .nss-init-threadsafe
 %patch9 -p1 -b .nss-reqcert-hostname
 %patch10 -p1 -b .nss-verifycert
+%patch11 -p1 -b .nss-memleak-free-certs
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
@@ -663,6 +665,7 @@ exit 0
 - security hardening: library needs partial RELRO support added (#733071)
 - fix: NSS_Init* functions are not thread safe (#731112)
 - fix: incorrect behavior of allow/try options of VerifyCert and TLS_REQCERT (#725819)
+- fix: memleak - free the return of tlsm_find_and_verify_cert_key (#725818)
 * Sun Aug 14 2011 Rex Dieter - 2.4.26-1.1
 - Rebuilt for rpm (#728707)