mirror of
https://github.com/curl/curl.git
synced 2025-03-31 16:00:35 +08:00
nss: avoid a SIGSEGV with immature version of NSS
Bug: https://bugzilla.redhat.com/733685
This commit is contained in:
parent
06e6755e87
commit
491c5a497c
24
lib/nss.c
24
lib/nss.c
@ -382,7 +382,29 @@ static CURLcode nss_load_cert(struct ssl_connect_data *ssl,
|
||||
/* libnsspem.so leaks memory if the requested file does not exist. For more
|
||||
* details, go to <https://bugzilla.redhat.com/734760>. */
|
||||
if(is_file(filename))
|
||||
return nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
|
||||
err = nss_create_object(ssl, CKO_CERTIFICATE, filename, cacert);
|
||||
|
||||
if(CURLE_OK == err && !cacert) {
|
||||
/* we have successfully loaded a client certificate */
|
||||
CERTCertificate *cert;
|
||||
char *nickname = NULL;
|
||||
char *n = strrchr(filename, '/');
|
||||
if(n)
|
||||
n++;
|
||||
|
||||
/* The following undocumented magic helps to avoid a SIGSEGV on call
|
||||
* of PK11_ReadRawAttribute() from SelectClientCert() when using an
|
||||
* immature version of libnsspem.so. For more details, go to
|
||||
* <https://bugzilla.redhat.com/733685>. */
|
||||
nickname = aprintf("PEM Token #1:%s", n);
|
||||
if(nickname) {
|
||||
cert = PK11_FindCertFromNickname(nickname, NULL);
|
||||
if(cert)
|
||||
CERT_DestroyCertificate(cert);
|
||||
|
||||
free(nickname);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return err;
|
||||
|
Loading…
x
Reference in New Issue
Block a user