
curl-library

Re: [PATCH] Correct refcount issues when using client certs in NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Sat, 30 May 2009 13:01:33 +0200

Hi Claes,

On Saturday 30 of May 2009 11:16:39 Claes Jakobsson wrote:
> The attached patch fixes a segmentation fault when using client
> certificates in NSS. As we keep the client cert around in connssl
> structure we must increase the refcount on the cert when returning
> from the SSLGetClientAuthData callback.

Can you give me some steps to reproduce the segmentation fault? Do you have
the client certificate in NSS database or a PEM certificate in file?

The patch triggers a memory leak for me:

524,203 bytes in 1,881 blocks are possibly lost in loss record 44 of 44
   at 0x4A04D1F: calloc (vg_replace_malloc.c:279)
   by 0x4C1EACF: nss_ZAlloc (arena.c:892)
   by 0x4C1ED5C: nssArena_Create (arena.c:412)
   by 0x4C11B52: nssCKFWInstance_Create (instance.c:217)
   by 0x4C1C8D1: NSSCKFWC_Initialize (wrap.c:205)
   by 0x50EB816: secmod_ModuleInit (pk11load.c:146)
   by 0x50EBF33: SECMOD_LoadPKCS11Module (pk11load.c:378)
   by 0x50FE973: SECMOD_LoadModule (pk11pars.c:323)
   by 0x50FEB77: SECMOD_LoadUserModule (pk11pars.c:391)
   by 0x4E6C457: Curl_nss_connect (nss.c:1008)
   by 0x4E652EA: Curl_ssl_connect (sslgen.c:185)
   by 0x4E4512B: Curl_http_connect (http.c:1804)

It probably hampers the PEM module destruction by a non-zero reference count.

Kamil
Received on 2009-05-30
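
The two failure modes raised in this thread (a cert kept by the connection without its own reference, and an extra reference that is never released), as an added C model that is not curl or NSS code. All names (`struct cert`, `cert_dup`, `client_auth_cb`, `run`) are hypothetical, and the model assumes the caller of the callback releases the reference it is handed.

```c
#include <stdlib.h>

/* Constructed stand-in for a reference-counted certificate; not NSS code. */
struct cert { int refcount; };
static int live_certs;                 /* objects allocated and not yet freed */

static struct cert *cert_new(void) {
    struct cert *c = malloc(sizeof *c);
    if (!c) abort();
    c->refcount = 1;
    live_certs++;
    return c;
}
static struct cert *cert_dup(struct cert *c) { c->refcount++; return c; }
static void cert_destroy(struct cert *c) {
    if (--c->refcount == 0) { live_certs--; free(c); }
}

enum outcome { BALANCED, DANGLING, LEAKED };

/* Hypothetical connection that keeps the client cert around. */
struct conn { struct cert *client_cert; };

/* Model of the client-auth callback: the caller owns whatever is returned. */
static struct cert *client_auth_cb(struct conn *conn, int dup_ref) {
    return dup_ref ? cert_dup(conn->client_cert) : conn->client_cert;
}

static enum outcome run(int dup_ref, int release_on_close) {
    struct conn conn;
    live_certs = 0;
    conn.client_cert = cert_new();                 /* connection's reference */
    cert_destroy(client_auth_cb(&conn, dup_ref));  /* caller drops its reference */
    if (live_certs == 0)
        return DANGLING;          /* conn.client_cert now points at freed memory */
    if (release_on_close)
        cert_destroy(conn.client_cert);            /* connection teardown */
    if (live_certs != 0) {
        free(conn.client_cert);   /* tidy up the model itself */
        return LEAKED;
    }
    return BALANCED;
}

int main(void) { return run(1, 1) == BALANCED ? 0 : 1; }
```

Only the combination of taking a reference in the callback and releasing the connection's own reference at teardown leaves the count at zero.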