Closed Bug 391773 Opened 17 years ago Closed 17 years ago

CERTStatusConfig and ocspCheckingContext on default cert DB leaked on shutdown

Categories

(NSS :: Libraries, defect, P2)

Product:
NSS
Component:
Libraries
Version:
3.11
Platform:
x86
Windows XP
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 403888

People

(Reporter: dbaron, Assigned: julien.pierre)

References

Details

(Keywords: memory-leak) 

This bug is filed based on the NSS_3_12_ALPHA1B tag, which is what is currently used by the trunk of Firefox, etc.

The statusConfig and statusContext allocated in ocsp_InitStatusChecking for the default cert DB in Firefox trunk are not freed on shutdown.  The following patch fixes the leak for me, although I'm not sure if it's the correct place/time to free them:

--- a/security/nss/lib/pki/trustdomain.c
+++ b/security/nss/lib/pki/trustdomain.c
@@ -131,6 +131,12 @@ NSSTrustDomain_Destroy (
 {
     PRStatus status = PR_SUCCESS;
     if (--td->refCount == 0) {
+#ifdef NSS_3_4_CODE
+        if (td->statusConfig) {
+            td->statusConfig->statusDestroy(td->statusConfig);
+            td->statusConfig = NULL;
+        }
+#endif
        /* Destroy each token in the list of tokens */
        if (td->tokens) {
            nssListIterator_Destroy(td->tokens);
Priority: -- → P2
Target Milestone: --- → 3.12
Version: 3.12 → 3.11
The fix for this bug should not be committed while it remains blocked by 
bug 391815, and bug 391815 remains unresolved.
These leaks only occur if CERT_EnableOCSPChecking is called.

Currently, only 3 programs in nss/cmd have an option to do it : ocspclnt, signtool, and vfyserv. And none of them have been tested for leaks in the past.

This is why this memory leak was not found by our automated leak testing.
Assigning OCSP bugs to Mr. OCSP. :)
Assignee: nobody → julien.pierre.boogz
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.