From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 28 Sep 2010 03:40:46 +0000 (+0000)
Subject: Clean up hash and digest contexts in the back end to avoid refcount
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26e723bcdf2b4380e779f12f7bbe5a6bdc1b1121;p=thirdparty%2Fkrb5.git

Clean up hash and digest contexts in the back end to avoid refcount
leaks.

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/nss@24367 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/crypto/nss/hash_provider/hash_gen.c b/src/lib/crypto/nss/hash_provider/hash_gen.c
index 98a8cc6c09..85cbde66f1 100644
--- a/src/lib/crypto/nss/hash_provider/hash_gen.c
+++ b/src/lib/crypto/nss/hash_provider/hash_gen.c
@@ -61,6 +61,7 @@ k5_nss_gen_hash(HASH_HashType hashType, const krb5_crypto_iov *data,
 
     HASH_End(ctx, (unsigned char *)output->data,
              &output->length, output->length);
+    HASH_Destroy(ctx);
 
     return 0;
 }
diff --git a/src/lib/crypto/nss/hmac.c b/src/lib/crypto/nss/hmac.c
index a909e6ec13..a77f3d4adf 100644
--- a/src/lib/crypto/nss/hmac.c
+++ b/src/lib/crypto/nss/hmac.c
@@ -151,10 +151,9 @@ krb5int_hmac(const struct krb5_hash_provider *hash, krb5_key key,
     }
     rv = PK11_DigestFinal(ctx, (unsigned char *) output->data, &output->length,
                           output->length);
-    ctx = NULL;
     if (rv != SECSuccess)
         goto fail;
-
+    PK11_DestroyContext(ctx, PR_TRUE);
     return 0;
 fail:
     ret = k5_nss_map_last_error();