astepano / rpms / curl

Forked from rpms/curl 6 years ago
Clone
Source Code
GIT

Blame 0006-curl-7.27.0-68d2830e.patch

f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f7 f8 f9 http2 master metalink olpc2 private-kdudka-debug-scp private-kdudka-libcurl-minimal private-kdudka-libcurl-nss private-kdudka-libcurl-openssl private-kdudka-rebase
  1.   f18
  2.   0006-curl-7.27.0-68d2830e.patch
Blob History Raw
53d6e75 
From c011938e10bf3af5896d0f7f5ecffc22150303f3 Mon Sep 17 00:00:00 2001
53d6e75 
From: Kamil Dudka <kdudka@redhat.com>
53d6e75 
Date: Mon, 3 Dec 2012 13:17:50 +0100
53d6e75 
Subject: [PATCH 1/3] nss: prevent NSS from crashing on client auth hook failure
53d6e75
53d6e75 
Although it is not explicitly stated in the documentation, NSS uses
53d6e75 
*pRetCert and *pRetKey even if the client authentication hook returns
53d6e75 
a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
53d6e75 
afterwards, NSS destroys the certificate once again, which causes a
53d6e75 
double free.
53d6e75
53d6e75 
Reported by: Bob Relyea
53d6e75
53d6e75 
[upstream commit 68d2830ee9df50961e481e81c1baaa290c33f03e]
53d6e75 
---
53d6e75 
 lib/nss.c |   17 +++++++++++------
53d6e75 
 1 files changed, 11 insertions(+), 6 deletions(-)
53d6e75
53d6e75 
diff --git a/lib/nss.c b/lib/nss.c
53d6e75 
index 22b53bf..794eccb 100644
53d6e75 
--- a/lib/nss.c
53d6e75 
+++ b/lib/nss.c
53d6e75 
@@ -757,6 +757,8 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
53d6e75 
     static const char pem_slotname[] = "PEM Token #1";
53d6e75 
     SECItem cert_der = { 0, NULL, 0 };
53d6e75 
     void *proto_win = SSL_RevealPinArg(sock);
53d6e75 
+    struct CERTCertificateStr *cert;
53d6e75 
+    struct SECKEYPrivateKeyStr *key;
53d6e75
53d6e75 
     PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
53d6e75 
     if(NULL == slot) {
53d6e75 
@@ -771,24 +773,27 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
53d6e75 
       return SECFailure;
53d6e75 
     }
53d6e75
53d6e75 
-    *pRetCert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
53d6e75 
+    cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
53d6e75 
     SECITEM_FreeItem(&cert_der, PR_FALSE);
53d6e75 
-    if(NULL == *pRetCert) {
53d6e75 
+    if(NULL == cert) {
53d6e75 
       failf(data, "NSS: client certificate from file not found");
53d6e75 
       PK11_FreeSlot(slot);
53d6e75 
       return SECFailure;
53d6e75 
     }
53d6e75
53d6e75 
-    *pRetKey = PK11_FindPrivateKeyFromCert(slot, *pRetCert, NULL);
53d6e75 
+    key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
53d6e75 
     PK11_FreeSlot(slot);
53d6e75 
-    if(NULL == *pRetKey) {
53d6e75 
+    if(NULL == key) {
53d6e75 
       failf(data, "NSS: private key from file not found");
53d6e75 
-      CERT_DestroyCertificate(*pRetCert);
53d6e75 
+      CERT_DestroyCertificate(cert);
53d6e75 
       return SECFailure;
53d6e75 
     }
53d6e75
53d6e75 
     infof(data, "NSS: client certificate from file\n");
53d6e75 
-    display_cert_info(data, *pRetCert);
53d6e75 
+    display_cert_info(data, cert);
53d6e75 
+
53d6e75 
+    *pRetCert = cert;
53d6e75 
+    *pRetKey = key;
53d6e75 
     return SECSuccess;
53d6e75 
   }
53d6e75
53d6e75 
--
53d6e75 
1.7.1
53d6e75
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.