diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2015-10-02 14:29:15 -0400 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2015-10-02 16:51:57 -0400 |
| commit | 4b2297ac9ac2d60912df1d47cc2553580ea1962f (patch) | |
| tree | 8c79c5b6504761a0b568d4700006d91c6ec20628 /nss_engine_init.c | |
| parent | fc91e5d5f5bd58f9dec4f7653855fd3b9bfaac81 (diff) | |
| download | mod_nss-4b2297ac9ac2d60912df1d47cc2553580ea1962f.tar.gz mod_nss-4b2297ac9ac2d60912df1d47cc2553580ea1962f.tar.xz mod_nss-4b2297ac9ac2d60912df1d47cc2553580ea1962f.zip | |
Fix memory leaks, uninit var, invalid read
Issues reported from valgrind.
The invalid read came from using SNI hostInfo data directly. Just
use the copy we apr_strndup() instead and all is well.
The SNI hostInfo values were leaking. I had removed the calls
to SECITEM_FreweItem at some point and forgotten to re-add them.
mc->semid was not explicitly initialized so could have blown up
if the compiler didn't automatically set it to 0. Explicitly set
it to make warning go away (and to be safe).
Diffstat (limited to 'nss_engine_init.c')
| -rw-r--r-- | nss_engine_init.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nss_engine_init.c b/nss_engine_init.c index 211752c..95a5867 100644 --- a/nss_engine_init.c +++ b/nss_engine_init.c @@ -1205,6 +1205,7 @@ static void nss_init_certificate(server_rec *s, const char *nickname, nnptr++; nn--; } + PORT_FreeArena(certNickDNS->arena, PR_FALSE); } /* Subject/hostname check */ @@ -1787,6 +1788,10 @@ PRInt32 nssSSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "SNI: Successfully paired vhost %s with nickname: %s", vhost, nickName); + apr_pool_destroy(str_p); + SECKEY_DestroyPrivateKey(privKey); + CERT_DestroyCertificate(cert); + return 0; loser: |