Don't put CredHandleClass in std::map directly because...

net/base/ssl_client_socket_win.cc

 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 
 #include "base/lock.h"
 #include "base/singleton.h"
+#include "base/stl_util-inl.h"
 #include "base/string_util.h"
 #include "net/base/connection_type_histograms.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_info.h"
 
 #pragma comment(lib, "secur32.lib")
 
 namespace net {
@@ skipping 52 matching lines @@
 // A bitmask consisting of these bit flags encodes which versions of the SSL
 // protocol (SSL 2.0, SSL 3.0, and TLS 1.0) are enabled.
 enum {
   SSL2 = 1 << 0,
   SSL3 = 1 << 1,
   TLS1 = 1 << 2,
   SSL_VERSION_MASKS = 1 << 3  // The number of SSL version bitmasks.
 };
 
 // CredHandleClass simply gives a default constructor and a destructor to
-// SSPI's CredHandle type (a C struct).  The default constuctor is required
-// by STL containers.
+// SSPI's CredHandle type (a C struct).
 class CredHandleClass : public CredHandle {
  public:
   CredHandleClass() {
     dwLower = 0;
     dwUpper = 0;
   }
 
   ~CredHandleClass() {
     if (dwLower || dwUpper) {
       SECURITY_STATUS status = FreeCredentialsHandle(this);
       DCHECK(status == SEC_E_OK);
     }
   }
 };
 
 // A table of CredHandles.
 class CredHandleTable {
  public:
   CredHandleTable() {}
 
-  ~CredHandleTable() {}
+  ~CredHandleTable() {
+    STLDeleteContainerPairSecondPointers(client_cert_creds_.begin(),
+                                         client_cert_creds_.end());
+  }
 
   CredHandle* GetHandle(PCCERT_CONTEXT client_cert, int ssl_version_mask) {
     DCHECK(0 < ssl_version_mask &&
            ssl_version_mask < arraysize(anonymous_creds_));
-    CredHandle* handle;
+    CredHandleClass* handle;
     AutoLock lock(lock_);
     if (client_cert) {
-      handle = &client_cert_creds_[
-          std::make_pair(client_cert, ssl_version_mask)];
+      CredHandleMapKey key = std::make_pair(client_cert, ssl_version_mask);
+      CredHandleMap::const_iterator it = client_cert_creds_.find(key);
+      if (it == client_cert_creds_.end()) {
+        handle = new CredHandleClass;
+        client_cert_creds_[key] = handle;
+      } else {
+        handle = it->second;
+      }
     } else {
       handle = &anonymous_creds_[ssl_version_mask];
     }
     if (!handle->dwLower && !handle->dwUpper)
       InitializeHandle(handle, client_cert, ssl_version_mask);
     return handle;
   }
 
  private:
   // CredHandleMapKey is a std::pair consisting of these two components:
   //   PCCERT_CONTEXT client_cert
   //   int ssl_version_mask
   typedef std::pair<PCCERT_CONTEXT, int> CredHandleMapKey;
 
-  typedef std::map<CredHandleMapKey, CredHandleClass> CredHandleMap;
+  typedef std::map<CredHandleMapKey, CredHandleClass*> CredHandleMap;
 
   static void InitializeHandle(CredHandle* handle,
                                PCCERT_CONTEXT client_cert,
                                int ssl_version_mask);
 
   Lock lock_;
 
   // Anonymous (no client certificate) CredHandles for all possible
   // combinations of SSL versions.  Defined as an array for fast lookup.
   CredHandleClass anonymous_creds_[SSL_VERSION_MASKS];
@@ skipping 1032 matching lines @@
   }
 }
 
 void SSLClientSocketWin::FreeSendBuffer() {
   SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
   DCHECK(status == SEC_E_OK);
   memset(&send_buffer_, 0, sizeof(send_buffer_));
 }
 
 }  // namespace net