Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nss: only cache valid CRL entries #4053

Closed
wants to merge 1 commit into from
Closed

nss: only cache valid CRL entries #4053

wants to merge 1 commit into from

Conversation

danielgustafsson
Copy link
Member

Change the logic around such that we only keep CRLs that NSS actually ended up caching around for later deletion. If CERT_CacheCRL() fails then there is little point in delaying the freeing of the CRL as it is not used.

kdudka
kdudka requested changes Jun 20, 2019
View reviewed changes
lib/vtls/nss.c Outdated
/* unable to cache CRL */
/* store the CRL item so that we can free it in Curl_nss_cleanup() */
if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) {
SECITEM_FreeItem(crl_der, PR_TRUE);
Copy link
Contributor

@kdudka kdudka Jun 20, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You need to call CERT_UncacheCRL() before releasing the memory to avoid a possible use after free later on. If CERT_UncacheCRL() fails, which is unlikely, it is IMO better to leak the memory. Something like:

if(SECSuccess == CERT_UncacheCRL(db, crl_der))
  SECITEM_FreeItem(crl_der, PR_TRUE);

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, nice catch, fixed and rebased.

@danielgustafsson
nss: only cache valid CRL entries
f33f352 
Change the logic around such that we only keep CRLs that NSS actually
ended up caching around for later deletion.  If CERT_CacheCRL() fails
then there is little point in delaying the freeing of the CRL as it
is not used.

Closes #xxxx
@danielgustafsson
Copy link
Member Author

A thing to note which I failed to write in the commitmessage (but will amend before pushing if approved) is that without this we leave a dangling pointer on nss_crl_list as we perform SECITEM_FreeItem() on the underlying storage pointed to in case CRL caching fails.

@kdudka
Copy link
Contributor

kdudka commented Jun 20, 2019

A thing to note which I failed to write in the commitmessage (but will amend before pushing if approved) is that without this we leave a dangling pointer on nss_crl_list as we perform SECITEM_FreeItem() on the underlying storage pointed to in case CRL caching fails.

I do not understand the above note. Are you talking about the original implementation? It did not (immediately) call SECITEM_FreeItem() upon failure of CERT_CacheCRL(). The only problem was that the memory was released too late as I understand it.

@danielgustafsson
Copy link
Member Author

danielgustafsson commented Jun 20, 2019 via email

@kdudka
Copy link
Contributor

kdudka commented Jun 20, 2019

No problem, thank you for clarifying it! And thank you for improving the code!

@jay jay closed this in 2028a1a Jul 7, 2019
@jay
Copy link
Member

jay commented Jul 7, 2019

Thanks

caraitto pushed a commit to caraitto/curl that referenced this pull request Jul 23, 2019
@danielgustafsson @caraitto
nss: only cache valid CRL entries
04497ff 
Change the logic around such that we only keep CRLs that NSS actually
ended up caching around for later deletion.  If CERT_CacheCRL() fails
then there is little point in delaying the freeing of the CRL as it
is not used.

Closes curl#4053
@lock lock bot locked as resolved and limited conversation to collaborators Oct 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kdudka kdudka kdudka approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@danielgustafsson @kdudka @jay