Bug 717730
Summary: | memleak in tlsm_auth_cert_handler | |||
---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rich Megginson <rmeggins> | |
Component: | openldap | Assignee: | Jan Vcelak <jvcelak> | |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | rawhide | CC: | jvcelak, rmeggins, tsmetana | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | openldap-2.4.24-5.fc15 | Doc Type: | Bug Fix | |
Doc Text: |
- Any tool which uses both OpenLDAP and Mozilla NSS libraries. OpenLDAP validates TLS peer and the certificate is cached by Mozilla NSS library.
- The tool can fail on NSS_Shutdown function call, because the client certificate is not freed and the caches cannot be destroyed.
- Peer certificate is freed in OpenLDAP library after certificate validation is finished.
- All caches can be freed and NSS_Shutdown succeeds.
|
Story Points: | --- | |
Clone Of: | ||||
: | 717738 (view as bug list) | Environment: | ||
Last Closed: | 2011-07-20 15:18:06 UTC | Type: | --- | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 710372, 712491, 717738 |
Description
Rich Megginson
2011-06-29 17:38:39 UTC
Patch submitted upstream - http://www.openldap.org/its/index.cgi?findid=6980 Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: - Any tool which uses both OpenLDAP and Mozilla NSS libraries. OpenLDAP validates TLS peer and the certificate is cached by Mozilla NSS library. - The tool can fail on NSS_Shutdown function call, because the client certificate is not freed and the caches cannot be destroyed. - Peer certificate is freed in OpenLDAP library after certificate validation is finished. - All caches can be freed and NSS_Shutdown succeeds. Resolved in openldap-2.4.26-1.fc16 openldap-2.4.24-4.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/openldap-2.4.24-4.fc15 openldap-2.4.24-5.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/openldap-2.4.24-5.fc15 openldap-2.4.24-5.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |