aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Dudka <kdudka@redhat.com>2012-12-03 13:17:50 +0100
committerKamil Dudka <kdudka@redhat.com>2012-12-03 13:34:36 +0100
commit68d2830ee9df50961e481e81c1baaa290c33f03e (patch)
tree51712227f97f4072ed44d99b01eaa1dcea3df28d /lib
parent2ecdd486837d47eafb9861ea48519ed3b57d667b (diff)
nss: prevent NSS from crashing on client auth hook failure
Although it is not explicitly stated in the documentation, NSS uses *pRetCert and *pRetKey even if the client authentication hook returns a failure. Namely, if we destroy *pRetCert without clearing *pRetCert afterwards, NSS destroys the certificate once again, which causes a double free. Reported by: Bob Relyea
Diffstat (limited to 'lib')
-rw-r--r--lib/nss.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/lib/nss.c b/lib/nss.c
index 22b53bfd8..794eccbd4 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -757,6 +757,8 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
static const char pem_slotname[] = "PEM Token #1";
SECItem cert_der = { 0, NULL, 0 };
void *proto_win = SSL_RevealPinArg(sock);
+ struct CERTCertificateStr *cert;
+ struct SECKEYPrivateKeyStr *key;
PK11SlotInfo *slot = PK11_FindSlotByName(pem_slotname);
if(NULL == slot) {
@@ -771,24 +773,27 @@ static SECStatus SelectClientCert(void *arg, PRFileDesc *sock,
return SECFailure;
}
- *pRetCert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
+ cert = PK11_FindCertFromDERCertItem(slot, &cert_der, proto_win);
SECITEM_FreeItem(&cert_der, PR_FALSE);
- if(NULL == *pRetCert) {
+ if(NULL == cert) {
failf(data, "NSS: client certificate from file not found");
PK11_FreeSlot(slot);
return SECFailure;
}
- *pRetKey = PK11_FindPrivateKeyFromCert(slot, *pRetCert, NULL);
+ key = PK11_FindPrivateKeyFromCert(slot, cert, NULL);
PK11_FreeSlot(slot);
- if(NULL == *pRetKey) {
+ if(NULL == key) {
failf(data, "NSS: private key from file not found");
- CERT_DestroyCertificate(*pRetCert);
+ CERT_DestroyCertificate(cert);
return SECFailure;
}
infof(data, "NSS: client certificate from file\n");
- display_cert_info(data, *pRetCert);
+ display_cert_info(data, cert);
+
+ *pRetCert = cert;
+ *pRetKey = key;
return SECSuccess;
}