diff options
author | Kamil Dudka <kdudka@redhat.com> | 2012-12-03 13:17:50 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2012-12-03 13:34:36 +0100 |
commit | 68d2830ee9df50961e481e81c1baaa290c33f03e (patch) | |
tree | 51712227f97f4072ed44d99b01eaa1dcea3df28d /RELEASE-NOTES | |
parent | 2ecdd486837d47eafb9861ea48519ed3b57d667b (diff) | |
download | curl-68d2830ee9df50961e481e81c1baaa290c33f03e.tar.gz |
nss: prevent NSS from crashing on client auth hook failure
Although it is not explicitly stated in the documentation, NSS uses
*pRetCert and *pRetKey even if the client authentication hook returns
a failure. Namely, if we destroy *pRetCert without clearing *pRetCert
afterwards, NSS destroys the certificate once again, which causes a
double free.
Reported by: Bob Relyea
Diffstat (limited to 'RELEASE-NOTES')
-rw-r--r-- | RELEASE-NOTES | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a482dd7fa..b40c13aa1 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -13,7 +13,7 @@ This release includes the following changes: This release includes the following bugfixes: - o + o nss: prevent NSS from crashing on client auth hook failure This release includes the following known bugs: @@ -28,4 +28,4 @@ advice from friends like these: References to bug reports and discussions on issues: -
\ No newline at end of file + |