ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key

If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
Rich Megginson 2011-07-25 20:27:59 -06:00 committed by Howard Chu
parent ff7acea2d2
commit fb4b4f7445


@ -1811,6 +1811,14 @@ tlsm_get_client_auth_data( void *arg, PRFileDesc *fd,
Debug( LDAP_DEBUG_ANY,
"TLS: error: unable to perform client certificate authentication for "
"certificate named %s\n", ctx->tc_certname, 0, 0 );
if ( pRetKey && *pRetKey ) {
SECKEY_DestroyPrivateKey( *pRetKey );
*pRetKey = NULL;
}
if ( pRetCert && *pRetCert ) {
CERT_DestroyCertificate( *pRetCert );
*pRetCert = NULL;
}
return SECFailure;
}
@ -2162,6 +2170,8 @@ tlsm_deferred_ctx_init( void *arg )
Debug( LDAP_DEBUG_ANY,
"TLS: error: unable to find and verify server's cert and key for certificate %s\n",
ctx->tc_certname, 0, 0 );
CERT_DestroyCertificate( serverCert );
SECKEY_DestroyPrivateKey( serverKey );
return -1;
}
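Review bot: In the tlsm_deferred_ctx_init hunk the two destroy calls run unconditionally on serverCert and serverKey, whereas the tlsm_get_client_auth_data hunk checks each pointer and resets it to NULL after freeing. Both NSS destructors return early on a NULL argument, so the unguarded form is safe only if the two locals start out as NULL and tlsm_find_and_verify_cert_key leaves each of them either NULL or pointing at a live object; their declarations are outside the hunk, so that cannot be confirmed from here. I would either mirror the guarded form, `if ( serverKey ) { SECKEY_DestroyPrivateKey( serverKey ); serverKey = NULL; }` and the same for serverCert, or state the assumption in a comment such as `/* cert/key may be NULL here; the NSS destroy functions accept NULL */`. The function body starts and ends outside the hunk.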