Fix leak of cert reference in cert authentication callback functions.

3 files changed, 4 insertions, 0 deletions

diff --git a/security/nss/cmd/SSLsample/sslsample.c b/security/nss/cmd/SSLsample/sslsample.c
index 77c543e12..5db5aefb8 100644
--- a/security/nss/cmd/SSLsample/sslsample.c
+++ b/security/nss/cmd/SSLsample/sslsample.c
@@ -140,6 +140,7 @@ myAuthCertificate(void *arg, PRFileDesc *socket,
 
 	/* If this is a server, we're finished. */
 	if (isServer || secStatus != SECSuccess) {
+		CERT_DestroyCertificate(cert);
 		return secStatus;
 	}
 
@@ -162,6 +163,7 @@ myAuthCertificate(void *arg, PRFileDesc *socket,
 	if (hostName)
 		PR_Free(hostName);
 
+	CERT_DestroyCertificate(cert);
 	return secStatus;
 }
 
diff --git a/security/nss/cmd/selfserv/selfserv.c b/security/nss/cmd/selfserv/selfserv.c
index 16ce65cd3..4d215253b 100644
--- a/security/nss/cmd/selfserv/selfserv.c
+++ b/security/nss/cmd/selfserv/selfserv.c
@@ -276,6 +276,7 @@ mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
 	FPRINTF(stderr, "selfserv: -- SSL3: Certificate Invalid, err %d.\n%s\n", 
                 err, SECU_Strerror(err));
     }
+    CERT_DestroyCertificate(peerCert);
     FLUSH;
     return rv;  
 }
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 5a4ce56b0..3bcfb894c 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -213,6 +213,7 @@ mySSLAuthCertificate(void *arg, PRFileDesc *fd, PRBool checkSig,
     if (rv == SECSuccess) {
 	fputs("strsclnt: -- SSL: Server Certificate Validated.\n", stderr);
     } 
+    CERT_DestroyCertificate(peerCert);
     /* error, if any, will be displayed by the Bad Cert Handler. */
     return rv;  
 }