3 files changed, 14 insertions, 4 deletions

diff --git a/nss_engine_config.c b/nss_engine_config.c
index 0b4b8b0..c0c7155 100644
--- a/nss_engine_config.c
+++ b/nss_engine_config.c
@@ -53,6 +53,7 @@ SSLModConfigRec *nss_config_global_create(server_rec *s)
     mc->pphrase_dialog_path         = NULL;
     mc->aRandSeed                   = apr_array_make(pool, 4,
                                                      sizeof(ssl_randseed_t));
+    mc->semid                       = 0;
 
     apr_pool_userdata_set(mc, SSL_MOD_CONFIG_KEY,
                           apr_pool_cleanup_null,
diff --git a/nss_engine_init.c b/nss_engine_init.c
index 211752c..95a5867 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -1205,6 +1205,7 @@ static void nss_init_certificate(server_rec *s, const char *nickname,
             nnptr++;
             nn--;
         }
+        PORT_FreeArena(certNickDNS->arena, PR_FALSE);
     }
 
     /* Subject/hostname check */
@@ -1787,6 +1788,10 @@ PRInt32 nssSSLSNISocketConfig(PRFileDesc *fd, const SECItem *sniNameArr,
     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
         "SNI: Successfully paired vhost %s with nickname: %s", vhost, nickName);
 
+    apr_pool_destroy(str_p);
+    SECKEY_DestroyPrivateKey(privKey);
+    CERT_DestroyCertificate(cert);
+
     return 0;
 
 loser:
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index 6c15ac5..7995952 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -90,24 +90,25 @@ int nss_hook_ReadReq(request_rec *r)
                 apr_status_t rv;
                 apr_pool_t *s_p;
 
-                hostInfo->data[hostInfo->len] = '\0';
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
-                    "SNI request for %s", (char *)hostInfo->data);
-
                 apr_pool_create(&s_p, NULL);
+
                 servername = apr_pstrndup(s_p, (char *) hostInfo->data, hostInfo->len);
+                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
+                    "SNI request for %s", servername);
 
                 if (!r->hostname) {
                     ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
                         "Hostname %s provided via SNI, but no hostname"
                         " provided in HTTP request", servername);
                     apr_pool_destroy(s_p);
+                    SECITEM_FreeItem(hostInfo, PR_TRUE);
                     return HTTP_BAD_REQUEST;
                 }
 
                 rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
                 if (rv != APR_SUCCESS || scope_id) {
                     apr_pool_destroy(s_p);
+                    SECITEM_FreeItem(hostInfo, PR_TRUE);
                     return HTTP_BAD_REQUEST;
                 }
 
@@ -117,9 +118,11 @@ int nss_hook_ReadReq(request_rec *r)
                         " via HTTP are different", servername, host);
 
                     apr_pool_destroy(s_p);
+                    SECITEM_FreeItem(hostInfo, PR_TRUE);
                     return HTTP_BAD_REQUEST;
                 }
                 apr_pool_destroy(s_p);
+                SECITEM_FreeItem(hostInfo, PR_TRUE);
             }
         } else if (((sc->strict_sni_vhost_check)
                    || (mySrvConfig(r->server))->strict_sni_vhost_check)
@@ -927,6 +930,7 @@ int nss_hook_Fixup(request_rec *r)
     if (hostInfo) {
         servername = apr_pstrndup(r->pool, (char *) hostInfo->data, hostInfo->len);
         apr_table_set(env, "SSL_TLS_SNI", servername);
+        SECITEM_FreeItem(hostInfo, PR_TRUE);
     }
 
     /* standard SSL environment variables */