On Monday 13 April 2009 19:45:03 Daniel Stenberg wrote: > On Fri, 10 Apr 2009, Kamil Dudka wrote: > >> Attached to this mail is my first take at addressing the leaked "generic > >> objects". This seems to fix the problems I see, but there might of > >> course be more problems lurking. Let me know how it works for you! > > > > An incremental patch is attached. It is also changed to destroy objects > > in reverse order. I am not sure if the initialization of the new > > variables is necessary. We can drop it if it is already initialized by > > caller. > > > > I am going to apply it on Fedora next week. > > Thanks, I applied and committed this just now. For now (at least) I left > the NULL assignments you added there since it makes the code a lot more > clear.
I am building the package for Fedora now and just have realized I had made a terrible bug in the previous patch. Attached one-line patch fixes it. Sorry for inconveniences. Kamil
diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c --- curl.orig/lib/nss.c 2009-04-14 11:10:52.396186000 +0200 +++ curl/lib/nss.c 2009-04-14 11:14:07.843103382 +0200 @@ -363,11 +363,11 @@ static int nss_load_cert(struct ssl_conn * slot. */ ssl->cacert[slotID] = PK11_CreateGenericObject(slot, theTemplate, 4, - PR_FALSE /* isPerm */); + PR_FALSE /* isPerm */); PK11_FreeSlot(slot); - if(ssl->cacert == NULL) { + if(ssl->cacert[slotID] == NULL) { free(nickname); return 0; }