rpms/curl/devel curl-7.19.4-infloop.patch, NONE, 1.1 curl.spec, 1.97, 1.98
Kamil Dudka
kdudka at fedoraproject.org
Mon May 11 08:06:51 UTC 2009
Author: kdudka
Update of /cvs/extras/rpms/curl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30916
Modified Files:
curl.spec
Added Files:
curl-7.19.4-infloop.patch
Log Message:
fix infinite loop while loading a private key (#453612)
curl-7.19.4-infloop.patch:
--- NEW FILE curl-7.19.4-infloop.patch ---
diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
--- curl-7.19.4.orig/lib/nss.c 2009-05-11 09:47:54.761907000 +0200
+++ curl-7.19.4/lib/nss.c 2009-05-11 09:57:06.889716145 +0200
@@ -85,11 +85,6 @@ volatile int initialized = 0;
#define HANDSHAKE_TIMEOUT 30
typedef struct {
- PRInt32 retryCount;
- struct SessionHandle *data;
-} pphrase_arg_t;
-
-typedef struct {
const char *name;
int num;
PRInt32 version; /* protocol version valid for this cipher */
@@ -483,7 +478,6 @@ static int nss_load_key(struct connectda
CK_BBOOL cktrue = CK_TRUE;
CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
CK_SLOT_ID slotID;
- pphrase_arg_t *parg = NULL;
char slotname[SLOTSIZE];
struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
@@ -516,17 +510,13 @@ static int nss_load_key(struct connectda
SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
PK11_IsPresent(slot);
- parg = malloc(sizeof(pphrase_arg_t));
- if(!parg)
- return 0;
- parg->retryCount = 0;
- parg->data = conn->data;
/* parg is initialized in nss_Init_Tokens() */
- if(PK11_Authenticate(slot, PR_TRUE, parg) != SECSuccess) {
- free(parg);
+ if(PK11_Authenticate(slot, PR_TRUE,
+ conn->data->set.str[STRING_KEY_PASSWD]) != SECSuccess) {
+
+ PK11_FreeSlot(slot);
return 0;
}
- free(parg);
PK11_FreeSlot(slot);
return 1;
@@ -588,25 +578,11 @@ static int cert_stuff(struct connectdata
static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
{
- pphrase_arg_t *parg;
- parg = (pphrase_arg_t *) arg;
-
(void)slot; /* unused */
- if(retry > 2)
+ if(retry || NULL == arg)
return NULL;
- if(parg->data->set.str[STRING_KEY_PASSWD])
- return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
else
- return NULL;
-}
-
-/* No longer ask for the password, parg has been freed */
-static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- (void)slot; /* unused */
- (void)retry; /* unused */
- (void)arg; /* unused */
- return NULL;
+ return (char *)PORT_Strdup((char *)arg);
}
static SECStatus nss_Init_Tokens(struct connectdata * conn)
@@ -614,14 +590,6 @@ static SECStatus nss_Init_Tokens(struct
PK11SlotList *slotList;
PK11SlotListElement *listEntry;
SECStatus ret, status = SECSuccess;
- pphrase_arg_t *parg = NULL;
-
- parg = malloc(sizeof(pphrase_arg_t));
- if(!parg)
- return SECFailure;
-
- parg->retryCount = 0;
- parg->data = conn->data;
PK11_SetPasswordFunc(nss_get_password);
@@ -644,7 +612,8 @@ static SECStatus nss_Init_Tokens(struct
continue;
}
- ret = PK11_Authenticate(slot, PR_TRUE, parg);
+ ret = PK11_Authenticate(slot, PR_TRUE,
+ conn->data->set.str[STRING_KEY_PASSWD]);
if(SECSuccess != ret) {
if(PR_GetError() == SEC_ERROR_BAD_PASSWORD)
infof(conn->data, "The password for token '%s' is incorrect\n",
@@ -652,12 +621,9 @@ static SECStatus nss_Init_Tokens(struct
status = SECFailure;
break;
}
- parg->retryCount = 0; /* reset counter to 0 for the next token */
PK11_FreeSlot(slot);
}
- free(parg);
-
return status;
}
@@ -1220,8 +1186,6 @@ CURLcode Curl_nss_connect(struct connect
curlerr = CURLE_SSL_CERTPROBLEM;
goto error;
}
-
- PK11_SetPasswordFunc(nss_no_password);
}
else
connssl->client_nickname = NULL;
Index: curl.spec
===================================================================
RCS file: /cvs/extras/rpms/curl/devel/curl.spec,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -p -r1.97 -r1.98
--- curl.spec 27 Apr 2009 08:37:25 -0000 1.97
+++ curl.spec 11 May 2009 08:06:20 -0000 1.98
@@ -1,7 +1,7 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl
Version: 7.19.4
-Release: 10%{?dist}
+Release: 11%{?dist}
License: MIT
Group: Applications/Internet
Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@@ -13,6 +13,7 @@ Patch5: curl-7.19.4-enable-aes.patch
Patch6: curl-7.19.4-nss-leak.patch
Patch7: curl-7.19.4-debug.patch
Patch8: curl-7.19.4-nss-leak2.patch
+Patch9: curl-7.19.4-infloop.patch
Provides: webclient
URL: http://curl.haxx.se/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -60,6 +61,7 @@ use cURL's capabilities internally.
%patch6 -p1 -b .nssleak
%patch7 -p1 -b .debug
%patch8 -p1 -b .nssleak2
+%patch9 -p1 -b .infloop
# Convert docs to UTF-8
for f in CHANGES README; do
@@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/libcurl.m4
%changelog
+* Mon May 11 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-11
+- fix infinite loop while loading a private key, thanks to Michael Cronenworth
+ (#453612)
+
* Mon Apr 27 2009 Kamil Dudka <kdudka at redhat.com> 7.19.4-10
- fix curl/nss memory leaks while using client certificate (#453612, accepted
by upstream)
More information about the scm-commits
mailing list