Bug 723134

Summary: memleak in tlsm_auth_cert_handler
Product: Red Hat Enterprise Linux 6 Reporter: RHEL Program Management <pm-rhel>
Component: openldapAssignee: Jan Vcelak <jvcelak>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: urgent    
Version: 6.1CC: jplans, jvcelak, jwest, omoris, pm-eus, rmeggins, rvokal, shaines, tsmetana
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openldap-2.4.23-15.el6_1.1 Doc Type: Bug Fix
Doc Text:
- Any tool which uses both OpenLDAP and Mozilla NSS libraries. OpenLDAP validates TLS peer and the certificate is cached by Mozilla NSS library. - The tool can fail on NSS_Shutdown function call, because the client certificate is not freed and the caches cannot be destroyed. - Peer certificate is freed in OpenLDAP library after certificate validation is finished. - All caches can be freed and NSS_Shutdown succeeds.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2011-08-05 04:06:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 717738    
Bug Blocks:    

Description RHEL Program Management 2011-07-19 08:05:24 UTC 
This bug has been copied from bug #717738 and has been proposed
to be backported to 6.1 z-stream (EUS).
Comment 5 Jan Vcelak 2011-07-20 11:13:08 UTC 
Fixed in openldap-2.4.23-15.el6_1.1
Comment 6 Jan Vcelak 2011-07-20 11:13:08 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
-
Comment 7 Jan Vcelak 2011-07-20 11:13:34 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -1 +1,4 @@
--+- Any tool which uses both OpenLDAP and Mozilla NSS libraries. OpenLDAP validates TLS peer and the certificate is cached by Mozilla NSS library.
+- The tool can fail on NSS_Shutdown function call, because the client certificate is not freed and the caches cannot be destroyed.
+- Peer certificate is freed in OpenLDAP library after certificate validation is finished.
+- All caches can be freed and NSS_Shutdown succeeds.
Comment 11 errata-xmlrpc 2011-08-05 04:06:03 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-1124.html
Comment 12 Jan Synacek 2012-03-14 09:42:29 UTC 
*** Bug 790916 has been marked as a duplicate of this bug. ***