Loading lib/vtls/nss.c +14 −9 Original line number Diff line number Diff line Loading @@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, } /* add given CRL to cache if it is not already there */ static SECStatus nss_cache_crl(SECItem *crlDER) static CURLcode nss_cache_crl(SECItem *crl_der) { CERTCertDBHandle *db = CERT_GetDefaultCertDB(); CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0); CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0); if(crl) { /* CRL already cached */ SEC_DestroyCrl(crl); SECITEM_FreeItem(crlDER, PR_FALSE); SECITEM_FreeItem(crl_der, PR_TRUE); return CURLE_SSL_CRL_BADFILE; } /* acquire lock before call of CERT_CacheCRL() */ PR_Lock(nss_crllock); if(SECSuccess != CERT_CacheCRL(db, crlDER)) { if(SECSuccess != CERT_CacheCRL(db, crl_der)) { /* unable to cache CRL */ PR_Unlock(nss_crllock); SECITEM_FreeItem(crlDER, PR_FALSE); SECITEM_FreeItem(crl_der, PR_TRUE); return CURLE_SSL_CRL_BADFILE; } Loading @@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename) PRFileDesc *infile; PRFileInfo info; SECItem filedata = { 0, NULL, 0 }; SECItem crlDER = { 0, NULL, 0 }; SECItem *crl_der = NULL; char *body; infile = PR_Open(crlfilename, PR_RDONLY, 0); Loading @@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename) if(info.size != PR_Read(infile, filedata.data, info.size)) goto fail; crl_der = SECITEM_AllocItem(NULL, NULL, 0U); if(!crl_der) goto fail; /* place a trailing zero right after the visible data */ body = (char*)filedata.data; body[--filedata.len] = '\0'; Loading @@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename) /* retrieve DER from ASCII */ *trailer = '\0'; if(ATOB_ConvertAsciiToItem(&crlDER, begin)) if(ATOB_ConvertAsciiToItem(crl_der, begin)) goto fail; SECITEM_FreeItem(&filedata, PR_FALSE); } else /* assume DER */ crlDER = filedata; *crl_der = filedata; PR_Close(infile); return nss_cache_crl(&crlDER); return nss_cache_crl(crl_der); fail: PR_Close(infile); SECITEM_FreeItem(crl_der, PR_TRUE); SECITEM_FreeItem(&filedata, PR_FALSE); return CURLE_SSL_CRL_BADFILE; } Loading Loading
lib/vtls/nss.c +14 −9 Original line number Diff line number Diff line Loading @@ -431,23 +431,23 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl, } /* add given CRL to cache if it is not already there */ static SECStatus nss_cache_crl(SECItem *crlDER) static CURLcode nss_cache_crl(SECItem *crl_der) { CERTCertDBHandle *db = CERT_GetDefaultCertDB(); CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crlDER, 0); CERTSignedCrl *crl = SEC_FindCrlByDERCert(db, crl_der, 0); if(crl) { /* CRL already cached */ SEC_DestroyCrl(crl); SECITEM_FreeItem(crlDER, PR_FALSE); SECITEM_FreeItem(crl_der, PR_TRUE); return CURLE_SSL_CRL_BADFILE; } /* acquire lock before call of CERT_CacheCRL() */ PR_Lock(nss_crllock); if(SECSuccess != CERT_CacheCRL(db, crlDER)) { if(SECSuccess != CERT_CacheCRL(db, crl_der)) { /* unable to cache CRL */ PR_Unlock(nss_crllock); SECITEM_FreeItem(crlDER, PR_FALSE); SECITEM_FreeItem(crl_der, PR_TRUE); return CURLE_SSL_CRL_BADFILE; } Loading @@ -462,7 +462,7 @@ static CURLcode nss_load_crl(const char* crlfilename) PRFileDesc *infile; PRFileInfo info; SECItem filedata = { 0, NULL, 0 }; SECItem crlDER = { 0, NULL, 0 }; SECItem *crl_der = NULL; char *body; infile = PR_Open(crlfilename, PR_RDONLY, 0); Loading @@ -478,6 +478,10 @@ static CURLcode nss_load_crl(const char* crlfilename) if(info.size != PR_Read(infile, filedata.data, info.size)) goto fail; crl_der = SECITEM_AllocItem(NULL, NULL, 0U); if(!crl_der) goto fail; /* place a trailing zero right after the visible data */ body = (char*)filedata.data; body[--filedata.len] = '\0'; Loading @@ -498,20 +502,21 @@ static CURLcode nss_load_crl(const char* crlfilename) /* retrieve DER from ASCII */ *trailer = '\0'; if(ATOB_ConvertAsciiToItem(&crlDER, begin)) if(ATOB_ConvertAsciiToItem(crl_der, begin)) goto fail; SECITEM_FreeItem(&filedata, PR_FALSE); } else /* assume DER */ crlDER = filedata; *crl_der = filedata; PR_Close(infile); return nss_cache_crl(&crlDER); return nss_cache_crl(crl_der); fail: PR_Close(infile); SECITEM_FreeItem(crl_der, PR_TRUE); SECITEM_FreeItem(&filedata, PR_FALSE); return CURLE_SSL_CRL_BADFILE; } Loading
