[Swan-dev] pluto: Fix NSS certificate crash
Matt Rogers
mrogers at redhat.com
Sat May 2 01:24:00 EEST 2015
On 04/30, Herbert Xu wrote:
> When we instantiate a connection we simply copy the certificate
> over, without getting a reference count over the new certificate
> reference, resulting in a bogus certificate when the instance is
> deleted.
>
> Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
>
> diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
> index 6e9b2f2..292b3b1 100644
> --- a/programs/pluto/connections.c
> +++ b/programs/pluto/connections.c
> @@ -713,6 +713,11 @@ void unshare_connection_end_strings(struct end *e)
> /* do "left" */
> unshare_id_content(&e->id);
>
> + if (e->cert.u.nss_cert) {
> + e->cert.u.nss_cert = CERT_DupCertificate(e->cert.u.nss_cert);
> + passert(e->cert.u.nss_cert);
> + }
> +
> if (e->ca.ptr != NULL)
> clonetochunk(e->ca, e->ca.ptr, e->ca.len, "ca string");
>
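Review bot: The added `if (e->cert.u.nss_cert)` block takes a new certificate reference inside a function named unshare_connection_end_strings, with no comment saying so or saying where that reference is dropped. A one-line comment above the block would help, stating that each connection instance holds its own reference and that deleting the instance must release it. For consistency with the `if (e->ca.ptr != NULL)` test just below, the condition could be written `if (e->cert.u.nss_cert != NULL)`. The pointer is also reached through `u`; if that is a union with other members, the block should first confirm that the NSS member is the active one before passing it to CERT_DupCertificate.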
> --
> Email: Herbert Xu <herbert at gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
Thanks! I've applied this to the nss_pkix branch.
Regards,
Matt