From c90fe38088a51b034b9b25d5e8b46928c97769d8 Mon Sep 17 00:00:00 2001
From: Jan Vcelak <jvcelak@redhat.com>
Date: Wed, 20 Jul 2011 16:30:37 +0200
Subject: [PATCH] fix: memleak in tlsm_auth_cert_handler

Resolves: #717730
---
 openldap-nss-free-peer-cert.patch | 28 ++++++++++++++++++++++++++++
 openldap.spec                     |  3 +++
 2 files changed, 31 insertions(+)
 create mode 100644 openldap-nss-free-peer-cert.patch

diff --git a/openldap-nss-free-peer-cert.patch b/openldap-nss-free-peer-cert.patch
new file mode 100644
index 0000000..6b58911
--- /dev/null
+++ b/openldap-nss-free-peer-cert.patch
@@ -0,0 +1,28 @@
+memleak in tlsm_auth_cert_handler
+
+In tlsm_auth_cert_handler, we get the peer's cert from the socket using
+SSL_PeerCertificate.  This value is allocated and/or cached.  We must
+destroy it using CERT_DestroyCertificate.
+
+Author: Rich Megginson <rmeggins@redhat.com>
+Upstream ITS: #6980
+Upstream commit: d944920
+Resolves: #717730
+
+diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23.fix/libraries/libldap/tls_m.c
+--- openldap-2.4.23/libraries/libldap/tls_m.c	2011-07-18 15:54:03.719226863 +0200
++++ openldap-2.4.23.fix/libraries/libldap/tls_m.c	2011-07-18 16:02:59.284531374 +0200
+@@ -1034,10 +1034,12 @@ tlsm_auth_cert_handler(void *arg, PRFile
+ {
+ 	SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
+ 	SECStatus ret = SECSuccess;
++	CERTCertificate *peercert = SSL_PeerCertificate( fd );
+ 
+-	ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
++	ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
+ 							SSL_RevealPinArg( fd ),
+ 							checksig, certUsage, 0 );
++	CERT_DestroyCertificate( peercert );
+ 
+ 	return ret;
+ }
diff --git a/openldap.spec b/openldap.spec
index b5b6db2..99d0228 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -26,6 +26,7 @@ Patch3: openldap-reentrant-gethostby.patch
 Patch4: openldap-smbk5pwd-overlay.patch
 Patch5: openldap-ldaprc-currentdir.patch
 Patch6: openldap-userconfig-setgid.patch
+Patch7: openldap-nss-free-peer-cert.patch
 
 # patches for the evolution library (see README.evolution)
 Patch200: openldap-evolution-ntlm.patch
@@ -125,6 +126,7 @@ pushd openldap-%{version}
 %patch4 -p1 -b .smbk5pwd-overlay
 %patch5 -p1 -b .ldaprc-currentdir
 %patch6 -p1 -b .userconfig-setgid
+%patch7 -p1 -b .nss-free-peer-cert
 
 cp %{_datadir}/libtool/config/config.{sub,guess} build/
 
@@ -649,6 +651,7 @@ exit 0
 %changelog
 * Wed Jul 20 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.26-1
 - rebase to new upstream release
+- fix: memleak in tlsm_auth_cert_handler (#717730)
 
 * Mon Jun 27 2011 Jan Vcelak <jvcelak@redhat.com> 2.4.25-1
 - rebase to new upstream release