When we instantiate a connection we simply copy the certificate
over, without getting a reference count over the new certificate
reference, resulting in a bogus certificate when the instance is
deleted.

Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>

diff --git a/programs/pluto/connections.c b/programs/pluto/connections.c
index 6e9b2f2..292b3b1 100644
--- a/programs/pluto/connections.c
+++ b/programs/pluto/connections.c
@@ -713,6 +713,11 @@ void unshare_connection_end_strings(struct end *e)
        /* do "left" */
        unshare_id_content(&e->id);
 
+       if (e->cert.u.nss_cert) {
+               e->cert.u.nss_cert = CERT_DupCertificate(e->cert.u.nss_cert);
+               passert(e->cert.u.nss_cert);
+       }
+
        if (e->ca.ptr != NULL)
                clonetochunk(e->ca, e->ca.ptr, e->ca.len, "ca string");
 
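Review bot: the added test at `if (e->cert.u.nss_cert)` reads the `nss_cert` member of `u` without checking which kind of certificate the end actually holds. If `u` is a union with other members, a non-NSS value would be passed to `CERT_DupCertificate()`, so gate the block on the cert's type field as well as the pointer. For consistency with the `e->ca.ptr != NULL` test just below, write the comparison as `!= NULL`. A one-line comment saying that the instance now owns its own reference, and that the delete path must release it, would also help, since nothing in this hunk shows the matching release.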
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt