openldap/openldap-nss-free-peer-cert.patch

memleak in tlsm_auth_cert_handler

In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.

Author: Rich Megginson <rmeggins@redhat.com>
Upstream ITS: #6980
Upstream commit: d944920
Resolves: #717730

diff -uNPrp openldap-2.4.23/libraries/libldap/tls_m.c openldap-2.4.23.fix/libraries/libldap/tls_m.c
--- openldap-2.4.23/libraries/libldap/tls_m.c	2011-07-18 15:54:03.719226863 +0200
+++ openldap-2.4.23.fix/libraries/libldap/tls_m.c	2011-07-18 16:02:59.284531374 +0200
@@ -1034,10 +1034,12 @@ tlsm_auth_cert_handler(void *arg, PRFile
 {
 	SECCertificateUsage certUsage = isServer ? certificateUsageSSLClient : certificateUsageSSLServer;
 	SECStatus ret = SECSuccess;
+	CERTCertificate *peercert = SSL_PeerCertificate( fd );
 
-	ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, SSL_PeerCertificate( fd ),
+	ret = tlsm_verify_cert( (CERTCertDBHandle *)arg, peercert,
 							SSL_RevealPinArg( fd ),
 							checksig, certUsage, 0 );
+	CERT_DestroyCertificate( peercert );
 
 	return ret;
 }