aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2011-02-17 17:37:24 +0100
committerKamil Dudka <kdudka@redhat.com>2011-02-17 17:57:16 +0100
commita40f58d2efac45dad7e12ea53870f42c825bcf0d (patch)
tree68463a680bd3103178dc2e0113f203d86e5e4893
parent66582c04b169d84d4c63350f7d7b282e4f8b8128 (diff)
nss: avoid memory leak on SSL connection failure
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/nss.c9
2 files changed, 9 insertions, 1 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 63bb75d13..ccd2eba80 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -13,6 +13,7 @@ This release includes the following changes:
This release includes the following bugfixes:
+ o nss: avoid memory leak on SSL connection failure
o
This release includes the following known bugs:
diff --git a/lib/nss.c b/lib/nss.c
index e115ac912..d26ad5b78 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -1058,6 +1058,7 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
#ifdef HAVE_PK11_CREATEGENERICOBJECT
/* destroy all NSS objects in order to avoid failure of NSS shutdown */
Curl_llist_destroy(connssl->obj_list, NULL);
+ connssl->obj_list = NULL;
#endif
connssl->handle = NULL;
}
@@ -1216,7 +1217,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
/* make the socket nonblocking */
sock_opt.option = PR_SockOpt_Nonblocking;
sock_opt.value.non_blocking = PR_TRUE;
- if(PR_SetSocketOption(model, &sock_opt) != SECSuccess)
+ if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
goto error;
if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
@@ -1407,6 +1408,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
if(model)
PR_Close(model);
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
+ /* cleanup on connection failure */
+ Curl_llist_destroy(connssl->obj_list, NULL);
+ connssl->obj_list = NULL;
+#endif
+
if (ssl3 && tlsv1 && isTLSIntoleranceError(err)) {
/* schedule reconnect through Curl_retry_request() */
data->state.ssl_connect_retry = TRUE;