[openldap] fix: NSS related resource leak

jsynacek jsynacek at fedoraproject.org
Tue Apr 2 11:50:18 UTC 2013 

commit 2f8c754907e15ab7c679f2b84de848e29b5ec52e
Author: Jan Synacek <jsynacek at redhat.com>
Date:   Tue Apr 2 13:44:32 2013 +0200

    fix: NSS related resource leak
    
    Resolves: #929357

 openldap-nss-pk11-freeslot.patch |   27 +++++++++++++++++++++++++++
 openldap.spec                    |    3 +++
 2 files changed, 30 insertions(+), 0 deletions(-)
---
diff --git a/openldap-nss-pk11-freeslot.patch b/openldap-nss-pk11-freeslot.patch
new file mode 100644
index 0000000..9ac541d
--- /dev/null
+++ b/openldap-nss-pk11-freeslot.patch
@@ -0,0 +1,27 @@
+Resolves: #929357
+
+From 6330d1b87a45b447f33fe8ffd6fbbce9e60bb0ec Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins at redhat.com>
+Date: Thu, 28 Mar 2013 19:05:02 -0600
+Subject: [PATCH] must call PK11_FreeSlot after SECMOD_CloseUserDB to remove ref to slot
+
+---
+ libraries/libldap/tls_m.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c
+index 072d41d..c59d303 100644
+--- a/libraries/libldap/tls_m.c
++++ b/libraries/libldap/tls_m.c
+@@ -2063,6 +2063,8 @@ tlsm_ctx_free ( tls_ctx *ctx )
+ 				   "TLS: could not close certdb slot - error %d:%s.\n",
+ 				   errcode, PR_ErrorToString( errcode, PR_LANGUAGE_I_DEFAULT ), 0 );
+ 		}
++		PK11_FreeSlot( c->tc_certdb_slot );
++		c->tc_certdb_slot = NULL;
+ 	}
+ 	PL_strfree( c->tc_pin_file );
+ 	c->tc_pin_file = NULL;
+-- 
+1.7.1
+
diff --git a/openldap.spec b/openldap.spec
index 2aee1b6..a2d4c26 100644
--- a/openldap.spec
+++ b/openldap.spec
@@ -46,6 +46,7 @@ Patch12: openldap-tls-no-reuse-of-tls_session.patch
 Patch13: openldap-nss-regex-search-hashed-cacert-dir.patch
 Patch14: openldap-nss-ignore-certdb-type-prefix.patch
 Patch15: openldap-nss-certs-from-certdb-fallback-pem.patch
+Patch16: openldap-nss-pk11-freeslot.patch
 
 # Fedora specific patches
 Patch100: openldap-autoconf-pkgconfig-nss.patch
@@ -164,6 +165,7 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
 %patch13 -p1
 %patch14 -p1
 %patch15 -p1
+%patch16 -p1
 
 %patch102 -p1
 
@@ -647,6 +649,7 @@ exit 0
 * Tue Apr 02 2013 Jan Synáček <jsynacek at redhat.com> 2.4.35-1
 - new upstream release (#947235)
 - fix: slapd.service should ensure that network is up before starting (#946921)
+- fix: NSS related resource leak (#929357)
 
 * Mon Mar 18 2013 Jan Synáček <jsynacek at redhat.com> 2.4.34-2
 - fix: syncrepl push DELETE operation does not recover (#920482)

More information about the scm-commits mailing list