Do not leak a reference to "slot" when decoding private key.

author: Nick Mathewson <nickm@torproject.org> 2018-08-29 15:17:47 -0400
committer: Nick Mathewson <nickm@torproject.org> 2018-09-04 14:52:35 -0400
commit: f46a7eafb88494922f331d198500f94dee0a6d8e (patch)
tree: b972848def9e780a58ddffcfd8f74203a7081ee5 /src/lib/crypt_ops
parent: 36f3bdac032523c6d98022c84059d8ebd69dfdfe (diff)
download: tor-f46a7eafb88494922f331d198500f94dee0a6d8e.tar.gz
tor-f46a7eafb88494922f331d198500f94dee0a6d8e.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/crypt_ops/crypto_rsa_nss.c b/src/lib/crypt_ops/crypto_rsa_nss.c
index 517faa5c7b..b6d8bb647d 100644
--- a/src/lib/crypt_ops/crypto_rsa_nss.c
+++ b/src/lib/crypt_ops/crypto_rsa_nss.c
@@ -683,6 +683,9 @@ crypto_pk_asn1_decode_private(const char *str, size_t len)
 {
   tor_assert(str);
   tor_assert(len < INT_MAX);
+  PK11SlotInfo *slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
+  if (!slot)
+    return NULL;
 
   SECKEYPrivateKeyInfo info = {
              .algorithm = {
@@ -699,7 +702,6 @@ crypto_pk_asn1_decode_private(const char *str, size_t len)
                             }
   };
 
-  PK11SlotInfo *slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
   SECStatus s;
   SECKEYPrivateKey *seckey = NULL;
 
@@ -722,5 +724,8 @@ crypto_pk_asn1_decode_private(const char *str, size_t len)
     crypto_nss_log_errors(LOG_WARN, "decoding an RSA private key");
   }
 
+  if (slot)
+    PK11_FreeSlot(slot);
+
   return output;
 }
author	Nick Mathewson <nickm@torproject.org>	2018-08-29 15:17:47 -0400
committer	Nick Mathewson <nickm@torproject.org>	2018-09-04 14:52:35 -0400
commit	f46a7eafb88494922f331d198500f94dee0a6d8e (patch)
tree	b972848def9e780a58ddffcfd8f74203a7081ee5 /src/lib/crypt_ops
parent	36f3bdac032523c6d98022c84059d8ebd69dfdfe (diff)
download	tor-f46a7eafb88494922f331d198500f94dee0a6d8e.tar.gz tor-f46a7eafb88494922f331d198500f94dee0a6d8e.zip