nss: do not leak PKCS #11 slot while loading a key

It could prevent nss-pem from being unloaded later on. Bug: https://bugzilla.redhat.com/1444860
author: Kamil Dudka <kdudka@redhat.com> 2017-04-24 15:01:04 +0200
committer: Kamil Dudka <kdudka@redhat.com> 2017-04-25 13:22:33 +0200
commit: c8ea86f377a2f341db635ec96f99314023b5a8f3 (patch)
tree: 168210e4b31943b814f5eab21d8a9112a18e8f21 /lib/vtls/nss.c
parent: 9c5aed185209838b524251886238da9b3d58382b (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index e1a122947..0e57ab45d 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -603,7 +603,7 @@ fail:
 static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
                              char *key_file)
 {
-  PK11SlotInfo *slot;
+  PK11SlotInfo *slot, *tmp;
   SECStatus status;
   CURLcode result;
   struct ssl_connect_data *ssl = conn->ssl;
@@ -622,7 +622,9 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex,
     return CURLE_SSL_CERTPROBLEM;
 
   /* This will force the token to be seen as re-inserted */
-  SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+  tmp = SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+  if(tmp)
+    PK11_FreeSlot(tmp);
   PK11_IsPresent(slot);
 
   status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd));
author	Kamil Dudka <kdudka@redhat.com>	2017-04-24 15:01:04 +0200
committer	Kamil Dudka <kdudka@redhat.com>	2017-04-25 13:22:33 +0200
commit	c8ea86f377a2f341db635ec96f99314023b5a8f3 (patch)
tree	168210e4b31943b814f5eab21d8a9112a18e8f21 /lib/vtls/nss.c
parent	9c5aed185209838b524251886238da9b3d58382b (diff)