On Monday 13 April 2009 19:45:03 Daniel Stenberg wrote:
> On Fri, 10 Apr 2009, Kamil Dudka wrote:
> >> Attached to this mail is my first take at addressing the leaked "generic
> >> objects". This seems to fix the problems I see, but there might of
> >> course be more problems lurking. Let me know how it works for you!
> >
> > An incremental patch is attached. It is also changed to destroy objects
> > in reverse order. I am not sure if the initialization of the new
> > variables is necessary. We can drop it if it is already initialized by
> > caller.
> >
> > I am going to apply it on Fedora next week.
>
> Thanks, I applied and committed this just now. For now (at least) I left
> the NULL assignments you added there since it makes the code a lot more
> clear.
I am building the package for Fedora now and just have realized I had made
a terrible bug in the previous patch. Attached one-line patch fixes it.
Sorry for inconveniences.
Kamil
diff -ruNp curl.orig/lib/nss.c curl/lib/nss.c
--- curl.orig/lib/nss.c 2009-04-14 11:10:52.396186000 +0200
+++ curl/lib/nss.c 2009-04-14 11:14:07.843103382 +0200
@@ -363,11 +363,11 @@ static int nss_load_cert(struct ssl_conn
* slot.
*/
ssl->cacert[slotID] = PK11_CreateGenericObject(slot, theTemplate, 4,
- PR_FALSE /* isPerm */);
+ PR_FALSE /* isPerm */);
PK11_FreeSlot(slot);
- if(ssl->cacert == NULL) {
+ if(ssl->cacert[slotID] == NULL) {
free(nickname);
return 0;
}
