From 186b6d5d39a1feeaa5f9493d28dc4f53015d551d Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Wed, 17 Oct 2012 14:33:35 -0400
Subject: [PATCH 13/42] Don't set up digests in cms_context_init.

Move digest setup out of cms_context_init, so we can avoid leaking the
reference to the digests by not having them in ctx->backup_cms in the
daemon.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 src/cms_common.c |  9 ++-------
 src/cms_common.h |  3 +++
 src/daemon.c     | 27 +++++++++++++++++++++++++++
 3 files changed, 32 insertions(+), 7 deletions(-)

diff --git a/src/cms_common.c b/src/cms_common.c
index 6219a2a..a8e34dd 100644
--- a/src/cms_common.c
+++ b/src/cms_common.c
@@ -97,7 +97,7 @@ digest_get_digest_size(cms_context *cms)
 }
 
 
-static int
+int
 setup_digests(cms_context *cms)
 {
 	struct digest *digests = NULL;
@@ -133,7 +133,7 @@ err:
 	return -1;
 }
 
-static void
+void
 teardown_digests(cms_context *ctx)
 {
 	struct digest *digests = ctx->digests;
@@ -199,11 +199,6 @@ cms_context_init(cms_context *cms)
 		return -1;
 	}
 
-	int rc = setup_digests(cms);
-	if (rc < 0) {
-		PORT_FreeArena(cms->arena, PR_TRUE);
-		return -1;
-	}
 	cms->selected_digest = -1;
 
 	return 0;
diff --git a/src/cms_common.h b/src/cms_common.h
index fc80fa3..830427e 100644
--- a/src/cms_common.h
+++ b/src/cms_common.h
@@ -86,6 +86,9 @@ extern int cms_context_alloc(cms_context **ctxp);
 extern int cms_context_init(cms_context *ctx);
 extern void cms_context_fini(cms_context *ctx);
 
+extern int setup_digests(cms_context *cms);
+extern void teardown_digests(cms_context *ctx);
+
 extern int generate_octet_string(cms_context *ctx, SECItem *encoded,
 				SECItem *original);
 extern int generate_object_id(cms_context *ctx, SECItem *encoded,
diff --git a/src/daemon.c b/src/daemon.c
index a31c063..f44f069 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -143,6 +143,15 @@ handle_unlock_token(context *ctx, struct pollfd *pollfd, socklen_t size)
 		return;
 	}
 
+	rc = setup_digests(ctx->cms);
+	if (rc < 0) {
+		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
+			"Could not initialize digests: %s\n",
+			PORT_ErrorToString(PORT_GetError()));
+		send_response(ctx, ctx->backup_cms, pollfd, rc);
+		return;
+	}
+
 	steal_from_cms(ctx->backup_cms, ctx->cms);
 
 	if (!buffer) {
@@ -491,6 +500,15 @@ handle_sign_attached(context *ctx, struct pollfd *pollfd, socklen_t size)
 	if (rc < 0)
 		return;
 
+	rc = setup_digests(ctx->cms);
+	if (rc < 0) {
+		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
+			"Could not initialize digests: %s\n",
+			PORT_ErrorToString(PORT_GetError()));
+		send_response(ctx, ctx->backup_cms, pollfd, rc);
+		return;
+	}
+
 	steal_from_cms(ctx->backup_cms, ctx->cms);
 
 	handle_signing(ctx, pollfd, size, 1);
@@ -506,6 +524,15 @@ handle_sign_detached(context *ctx, struct pollfd *pollfd, socklen_t size)
 	if (rc < 0)
 		return;
 
+	rc = setup_digests(ctx->cms);
+	if (rc < 0) {
+		ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_NOTICE,
+			"Could not initialize digests: %s\n",
+			PORT_ErrorToString(PORT_GetError()));
+		send_response(ctx, ctx->backup_cms, pollfd, rc);
+		return;
+	}
+
 	steal_from_cms(ctx->backup_cms, ctx->cms);
 
 	handle_signing(ctx, pollfd, size, 0);
-- 
1.7.12.1