Skip to content

Commit c8ea86f

Browse files
kdudkakdudka
committed
nss: do not leak PKCS #11 slot while loading a key
It could prevent nss-pem from being unloaded later on. Bug: https://bugzilla.redhat.com/1444860
1 parent 9c5aed1 commit c8ea86f

File tree

1 file changed

+4
-2
lines changed

1 file changed

+4
-2
lines changed

lib/vtls/nss.c

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -603,7 +603,7 @@ static CURLcode nss_load_crl(const char *crlfilename)
603603
static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
604604
char *key_file)
605605
{
606-
PK11SlotInfo *slot;
606+
PK11SlotInfo *slot, *tmp;
607607
SECStatus status;
608608
CURLcode result;
609609
struct ssl_connect_data *ssl = conn->ssl;
@@ -622,7 +622,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
622622
return CURLE_SSL_CERTPROBLEM;
623623

624624
/* This will force the token to be seen as re-inserted */
625-
SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
625+
tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
626+
if(tmp)
627+
PK11_FreeSlot(tmp);
626628
PK11_IsPresent(slot);
627629

628630
status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));

0 commit comments

Comments
 (0)