- Fix attempt to free initialized pointer (#717338)

- Fix leak on pem_CreateObject when given non-existing file name (#734760) - Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
2011-09-14 12:28:24 -07:00 · 2011-09-14 12:28:24 -07:00 · 3586aff4e7
parent c26c5b1326
commit 3586aff4e7
4 changed files with 174 additions and 3 deletions
--- a/0001-libnsspem-rhbz-734760.patch
+++ b/0001-libnsspem-rhbz-734760.patch
@ -0,0 +1,21 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760	2011-09-10 10:21:38.819248564 -0700
+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c	2011-09-10 10:28:47.970083785 -0700
+@@ -1117,7 +1117,7 @@ pem_CreateObject
+ 
+         nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+         if (nobjs < 1)
+-            return (NSSCKMDObject *) NULL;
+            goto loser;
+ 
+         objid = -1;
+         /* Brute force: find the id of the key, if any, in this slot */
+@@ -1176,7 +1176,7 @@ pem_CreateObject
+ 
+         nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
+         if (nobjs < 1)
+-            return (NSSCKMDObject *) NULL;
+            goto loser;
+ 
+         certDER.len = 0; /* in case there is no equivalent cert */
+         certDER.data = NULL;
--- a/nss.spec
+++ b/nss.spec
@ -6,7 +6,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.11
-Release:          2%{?dist}
+Release:          3%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -55,9 +55,12 @@ Patch6:           nss-enable-pem.patch
 Patch7:           nsspem-642433.patch
 Patch8:           0001-Bug-695011-PEM-logging.patch
 Patch16:          nss-539183.patch
-#Patch17:          nss-703658.patch
 Patch18:          nss-646045.patch
 Patch19:          builtins-nssckbi_1_87_rtm.patch
+Patch20:          nsspem-createobject-initialize-pointer.patch
+Patch21:          0001-libnsspem-rhbz-734760.patch
+Patch22:          nsspem-init-inform-not-thread-safe.patch
+

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -133,9 +136,11 @@ low level services.
 %patch7 -p0 -b .642433
 %patch8 -p1 -b .695011          
 %patch16 -p0 -b .539183
-#%patch17 -p0 -b .703658
 %patch18 -p0 -b .646045
 %patch19 -p0 -b .ckbi187
+%patch20 -p1 -b .717338
+%patch21 -p1 -b .734760
+%patch22 -p0 -b .736410


 %build
@ -546,6 +551,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Wed Sep 14 2011 Elio Maldonado <emaldona@redhat.com> - 3.12.11-3
+- Fix attempt to free initilized pointer (#717338)
+- Fix leak on pem_CreateObject when given non-existing file name (#734760)
+- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
+
 * Tue Sep 06 2011 Kai Engert <kaie@redhat.com> - 3.12.11-2
 - Update builtins certs to those from NSSCKBI_1_87_RTM

--- a/nsspem-createobject-initialize-pointer.patch
+++ b/nsspem-createobject-initialize-pointer.patch
@ -0,0 +1,11 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338	2010-11-25 10:49:27.000000000 -0800
+++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c	2011-09-10 10:16:58.752726964 -0700
+@@ -1179,6 +1179,7 @@ pem_CreateObject
+             return (NSSCKMDObject *) NULL;
+ 
+         certDER.len = 0; /* in case there is no equivalent cert */
+        certDER.data = NULL;
+ 
+         objid = -1;
+         for (i = 0; i < pem_nobjs; i++) {
--- a/nsspem-init-inform-not-thread-safe.patch
+++ b/nsspem-init-inform-not-thread-safe.patch
@ -0,0 +1,129 @@
+--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410	2010-11-25 11:51:52.000000000 -0800
+++ mozilla/security/nss/lib/ckfw/pem/pinst.c	2011-09-13 16:59:49.325215540 -0700
+@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+         size += PEM_ITEM_CHUNK;
+     }
+     gobj[count] = io;
+     count++;
+     pem_nobjs++;
+ 
+     io->refCount ++;
+     return io;
+ }
+ 
+ CK_RV
+ AddCertificate(char *certfile, char *keyfile, PRBool cacert,
+                CK_SLOT_ID slotID)
+ {
+     pemInternalObject *o;
+-    SECItem certDER;
+     CK_RV error = 0;
+     int objid, i;
+     int nobjs = 0;
+     SECItem **objs = NULL;
+     char *ivstring = NULL;
+     int cipher;
+ 
+-    certDER.data = NULL;
+     nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+     if (nobjs <= 0) {
+         nss_ZFreeIf(objs);
+         return CKR_GENERAL_ERROR;
+     }
+ 
+     /* For now load as many certs as are in the file for CAs only */
+     if (cacert) {
+         for (i = 0; i < nobjs; i++) {
+             char nickname[1024];
+             objid = pem_nobjs + 1;
+ 
+             snprintf(nickname, 1024, "%s - %d", certfile, i);
+ 
+             o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
+@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
+   loser:
+     nss_ZFreeIf(objs);
+     nss_ZFreeIf(o);
+     return error;
+ }
+ 
+ CK_RV
+ pem_Initialize
+ (
+     NSSCKMDInstance * mdInstance,
+     NSSCKFWInstance * fwInstance,
+     NSSUTF8 * configurationData
+ )
+ {
+     CK_RV rv;
+-    /* parse the initialization string and initialize CRLInstances */
+    /* parse the initialization string */
+     char **certstrings = NULL;
+    char *modparms = NULL;
+     PRInt32 numcerts = 0;
+     PRBool status, error = PR_FALSE;
+     int i;
+    CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
+
+    if (!fwInstance) return CKR_ARGUMENTS_BAD;
+
+    modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
+    if (modArgs &&
+       ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
+        return CKR_CANT_LOCK;
+    }
+ 
+     if (pemInitialized) {
+         return CKR_OK;
+     }
+
+     RNG_RNGInit();
+ 
+     open_log();
+ 
+     plog("pem_Initialize\n");
+ 
+-    unsigned char *modparms = NULL;
+-    if (!fwInstance) {
+-        return CKR_ARGUMENTS_BAD;
+-    }
+-
+-    CK_C_INITIALIZE_ARGS_PTR modArgs =
+-        NSSCKFWInstance_GetInitArgs(fwInstance);
+     if (!modArgs || !modArgs->LibraryParameters) {
+         goto done;
+     }
+-    modparms = (unsigned char *) modArgs->LibraryParameters;
+    modparms = (char *) modArgs->LibraryParameters;
+     plog("Initialized with %s\n", modparms);
+ 
+     /*
+      * The initialization string format is a space-delimited file of
+      * pairs of paths which are delimited by a semi-colon. The first
+      * entry of the pair is the path to the certificate file. The
+      * second is the path to the key file.
+      *
+      * CA certificates do not need the semi-colon.
+      *
+      * Example:
+      *  /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
+      *
+      */
+     status =
+-        pem_ParseString((const char *) modparms, ' ', &numcerts,
+        pem_ParseString(modparms, ' ', &numcerts,
+                         &certstrings);
+     if (status == PR_FALSE) {
+         return CKR_ARGUMENTS_BAD;
+     }
+ 
+     for (i = 0; i < numcerts && error != PR_TRUE; i++) {
+         char *cert = certstrings[i];
+         PRInt32 attrcount = 0;
+         char **certattrs = NULL;
+         status = pem_ParseString(cert, ';', &attrcount, &certattrs);
+         if (status == PR_FALSE) {
+             error = PR_TRUE;
+             break;
+         }
+