[Swan-dev] pluto: Fix NSS certificate crash

Herbert Xu herbert at gondor.apana.org.au
Thu Apr 30 13:07:47 EEST 2015

When we instantiate a connection we simply copy the certificate
over, without getting a reference count over the new certificate
reference, resulting in a bogus certificate when the instance is

Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>

diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 6e9b2f2..292b3b1 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -713,6 +713,11 @@ void unshare_connection_end_strings(struct end *e)
 	/* do "left" */
+	if (e->cert.u.nss_cert) {
+		e->cert.u.nss_cert = CERT_DupCertificate(e->cert.u.nss_cert);
+		passert(e->cert.u.nss_cert);
+	}
 	if (e->ca.ptr != NULL)
 		clonetochunk(e->ca, e->ca.ptr, e->ca.len, "ca string");
Email: Herbert Xu <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

More information about the Swan-dev mailing list