ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
authorRich Megginson <rmeggins@redhat.com>
Tue, 26 Jul 2011 02:27:59 +0000 (20:27 -0600)
committerHoward Chu <hyc@openldap.org>
Thu, 28 Jul 2011 21:00:15 +0000 (14:00 -0700)
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.

libraries/libldap/tls_m.c

index 7ae7d8216c6756c441b0a380c3f0b59ba583268b..72fdf4918ab423a464eec6971af667f7a0f930c9 100644 (file)
@@ -1811,6 +1811,14 @@ tlsm_get_client_auth_data( void *arg, PRFileDesc *fd,
                Debug( LDAP_DEBUG_ANY,
                           "TLS: error: unable to perform client certificate authentication for "
                           "certificate named %s\n", ctx->tc_certname, 0, 0 );
+               if ( pRetKey && *pRetKey ) {
+                       SECKEY_DestroyPrivateKey( *pRetKey );
+                       *pRetKey = NULL;
+               }
+               if ( pRetCert && *pRetCert ) {
+                       CERT_DestroyCertificate( *pRetCert );
+                       *pRetCert = NULL;
+               }
                return SECFailure;
        }
 
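Review bot: The reason the out-parameters must be released on this failure path is not recorded in the code, so a later reader of tlsm_get_client_auth_data may assume `*pRetCert` and `*pRetKey` are NULL whenever the helper reported failure; per the commit description tlsm_find_and_verify_cert_key hands back the cert and key even when verification fails, so a comment above the new block such as `/* tlsm_find_and_verify_cert_key returns the cert and key even when verification fails; release them so a failed client auth does not leak the key reference */` would pin that contract at the call site, and the same ownership note belongs on the helper's own definition (outside this hunk). The guarded destroy-and-NULL pairs are duplicated in tlsm_deferred_ctx_init (second hunk) without the NULL guards; NSS's CERT_DestroyCertificate and SECKEY_DestroyPrivateKey tolerate NULL, so both forms are safe, but a small static release helper would keep the two sites consistent. tlsm_get_client_auth_data begins before this hunk and continues after it.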
@@ -2162,6 +2170,8 @@ tlsm_deferred_ctx_init( void *arg )
                        Debug( LDAP_DEBUG_ANY, 
                               "TLS: error: unable to find and verify server's cert and key for certificate %s\n",
                               ctx->tc_certname, 0, 0 );
+                       CERT_DestroyCertificate( serverCert );
+                       SECKEY_DestroyPrivateKey( serverKey );
                        return -1;
                }