From b3b283215d0e06e7e94d47674d9977c376ac65d9 Mon Sep 17 00:00:00 2001
From: "alexei.volkov.bugs%sun.com" <devnull@localhost>
Date: Thu, 24 Mar 2011 16:30:57 +0000
Subject: Possible minor memory leak in SNI code. r=alexei, bob. Patch is
 provided by Meena Vyas.

---
 security/nss/lib/ssl/ssl3ext.c  | 11 +++++++----
 security/nss/lib/ssl/sslnonce.c |  3 +++
 2 files changed, 10 insertions(+), 4 deletions(-)

(limited to 'security')

diff --git a/security/nss/lib/ssl/ssl3ext.c b/security/nss/lib/ssl/ssl3ext.c
index a0be8db9f..02ebc49f5 100644
--- a/security/nss/lib/ssl/ssl3ext.c
+++ b/security/nss/lib/ssl/ssl3ext.c
@@ -1266,14 +1266,17 @@ no_ticket:
 			SSL_GETPID(), ss->fd));
 	ssl3stats = SSL_GetStatistics();
 	SSL_AtomicIncrementLong(& ssl3stats->hch_sid_ticket_parse_failures );
-	if (sid) {
-	    ssl_FreeSID(sid);
-	    sid = NULL;
-	}
     }
     rv = SECSuccess;
 
 loser:
+	/* ss->sec.ci.sid == sid if it did NOT come here via goto statement
+	 * in that case do not free sid
+	 */
+	if (sid && (ss->sec.ci.sid != sid)) {
+	    ssl_FreeSID(sid);
+	    sid = NULL;
+	}
     if (decrypted_state != NULL) {
 	SECITEM_FreeItem(decrypted_state, PR_TRUE);
 	decrypted_state = NULL;
diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index 8c097f8d4..6a8fc4757 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -222,6 +222,9 @@ ssl_DestroySID(sslSessionID *sid)
     if (sid->u.ssl3.sessionTicket.ticket.data) {
 	SECITEM_FreeItem(&sid->u.ssl3.sessionTicket.ticket, PR_FALSE);
     }
+    if (sid->u.ssl3.srvName.data) {
+	SECITEM_FreeItem(&sid->u.ssl3.srvName, PR_FALSE);
+    }
     
     PORT_ZFree(sid, sizeof(sslSessionID));
 }
-- 
cgit v1.2.1