47 lines
1.6 KiB
Diff
47 lines
1.6 KiB
Diff
From 292debd50217ca5e548d8e4b5b2ce93014884f6d Mon Sep 17 00:00:00 2001
|
|
From: Kamil Dudka <kdudka@redhat.com>
|
|
Date: Thu, 17 Feb 2011 17:37:24 +0100
|
|
Subject: [PATCH] nss: avoid memory leak on SSL connection failure
|
|
|
|
---
|
|
lib/nss.c | 9 ++++++++-
|
|
1 files changed, 8 insertions(+), 1 deletions(-)
|
|
|
|
diff --git a/lib/nss.c b/lib/nss.c
|
|
index e115ac9..d26ad5b 100644
|
|
--- a/lib/nss.c
|
|
+++ b/lib/nss.c
|
|
@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
|
|
#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
/* destroy all NSS objects in order to avoid failure of NSS shutdown */
|
|
Curl_llist_destroy(connssl->obj_list, NULL);
|
|
+ connssl->obj_list = NULL;
|
|
#endif
|
|
connssl->handle = NULL;
|
|
}
|
|
@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
/* make the socket nonblocking */
|
|
sock_opt.option = PR_SockOpt_Nonblocking;
|
|
sock_opt.value.non_blocking = PR_TRUE;
|
|
- if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
|
|
+ if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
|
|
goto error;
|
|
|
|
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
|
|
@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
|
|
if(model)
|
|
PR_Close(model);
|
|
|
|
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
|
|
+ /* cleanup on connection failure */
|
|
+ Curl_llist_destroy(connssl->obj_list, NULL);
|
|
+ connssl->obj_list = NULL;
|
|
+#endif
|
|
+
|
|
if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
|
|
/* schedule reconnect through Curl_retry_request() */
|
|
data->state.ssl_connect_retry = TRUE;
|
|
--
|
|
1.7.4
|
|
|