Commit c8ea86f3 authored by Kamil Dudka's avatar Kamil Dudka
Browse files

nss: do not leak PKCS #11 slot while loading a key 

It could prevent nss-pem from being unloaded later on.

Bug: https://bugzilla.redhat.com/1444860
parent 9c5aed18

lib/vtls/nss.c

+4 −2
Original line number Diff line number Diff line
@@ -603,7 +603,7 @@ fail: 
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,

                             char *key_file)

{

  PK11SlotInfo *slot;

  PK11SlotInfo *slot, *tmp;

  SECStatus status;

  CURLcode result;

  struct ssl_connect_data *ssl = conn->ssl;
@@ -622,7 +622,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex, 
    return CURLE_SSL_CERTPROBLEM;



  /* This will force the token to be seen as re-inserted */

  SECMOD_WaitForAnyTokenEvent(mod, 0, 0);

  tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);

  if(tmp)

    PK11_FreeSlot(tmp);

  PK11_IsPresent(slot);



  status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));