mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-04-12 16:20:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

nss: avoid a SIGSEGV with immature version of NSS

Browse Source 
Bug: https://bugzilla.redhat.com/733685
This commit is contained in:
Kamil Dudka 2011-09-06 18:17:38 +02:00
parent 06e6755e87
commit 491c5a497c
1 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/nss.c
View File

@ -382,7 +382,29 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
/* libnsspem.so leaks memory if the requested file does not exist. For more
* details, go to <https://bugzilla.redhat.com/734760>. */
if(is_file(filename))
return nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
if(CURLE_OK == err && !cacert) {
/* we have successfully loaded a client certificate */
CERTCertificate *cert;
char *nickname = NULL;
char *n = strrchr(filename, '/');
if(n)
n++;
/* The following undocumented magic helps to avoid a SIGSEGV on call
* of PK11_ReadRawAttribute() from SelectClientCert() when using an
* immature version of libnsspem.so. For more details, go to
* <https://bugzilla.redhat.com/733685>. */
nickname = aprintf("PEM Token #1:%s", n);
if(nickname) {
cert = PK11_FindCertFromNickname(nickname, NULL);
if(cert)
CERT_DestroyCertificate(cert);
free(nickname);
}
}
#endif
return err;