[Swan-dev] pluto: Fix NSS certificate crash
Herbert Xu
herbert at gondor.apana.org.au
Thu Apr 30 13:07:47 EEST 2015
When we instantiate a connection we simply copy the certificate
over, without getting a reference count over the new certificate
reference, resulting in a bogus certificate when the instance is
deleted.
Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 6e9b2f2..292b3b1 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -713,6 +713,11 @@ void unshare_connection_end_strings(struct end *e)
/* do "left" */
unshare_id_content(&e->id);
+ if (e->cert.u.nss_cert) {
+ e->cert.u.nss_cert = CERT_DupCertificate(e->cert.u.nss_cert);
+ passert(e->cert.u.nss_cert);
+ }
+
if (e->ca.ptr != NULL)
clonetochunk(e->ca, e->ca.ptr, e->ca.len, "ca string");
--
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
More information about the Swan-dev
mailing list