bug#2097663

Fix crash when getting client cert and there is none in the database.
Bob Relyea 2022-06-16 14:22:48 -07:00
parent e5848562c6
commit a9f44e8e59
2 changed files with 29 additions and 2 deletions


@ -0,0 +1,23 @@
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
--- a/lib/ssl/authcert.c
+++ b/lib/ssl/authcert.c
@@ -212,17 +212,17 @@ NSS_GetClientAuthData(void *arg,
pw_arg);
} else {
int nnames = 0;
char **names = ssl_DistNamesToStrings(caNames, &nnames);
rv = CERT_FilterCertListByCANames(certList, nnames, names,
certUsageSSLClient);
ssl_FreeDistNamesStrings(names, nnames);
}
- if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
+ if ((rv != SECSuccess) || (certList && CERT_LIST_EMPTY(certList))) {
CERT_DestroyCertList(certList);
certList = NULL;
}
}
if (certList == NULL) {
/* no user certs meeting the nickname/usage requirements found */
return SECFailure;
}
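Review bot: The added `certList &&` guard in the patched condition protects only `CERT_LIST_EMPTY`. The filter call a few lines above, `CERT_FilterCertListByCANames(certList, nnames, names, certUsageSSLClient)`, and the following `CERT_DestroyCertList(certList)` still receive a NULL list when the database has no client certificate. Whether those functions tolerate NULL is not visible in this hunk, so the crash may only have moved. Checking the lookup result once, by wrapping the filter-and-destroy block in `if (certList != NULL) { ... }`, would let the existing `if (certList == NULL) return SECFailure;` handle the empty case without relying on callee behaviour. Failing that, add a comment such as `/* certList may be NULL here: no user certs in the database */` above the condition to record why the guard exists. NSS_GetClientAuthData starts and ends outside the hunk, so the lookup that produces certList and the initial value of rv cannot be checked from here.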


@ -3,7 +3,7 @@
# NOTE: To avoid NVR clashes of nspr* packages: # NOTE: To avoid NVR clashes of nspr* packages:
# - reset %%{nspr_release} to 1, when updating %%{nspr_version} # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
# - increment %%{nspr_version}, when updating the NSS part only # - increment %%{nspr_version}, when updating the NSS part only
%global baserelease 1 %global baserelease 2
%global nss_release %baserelease %global nss_release %baserelease
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
# release number between nss and nspr are different. # release number between nss and nspr are different.
@ -131,6 +131,9 @@ Patch12: nss-signtool-format.patch
# fedora disabled dbm by default # fedora disabled dbm by default
Patch40: nss-no-dbm-man-page.patch Patch40: nss-no-dbm-man-page.patch
# upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
Patch50: nss-3.79-fix-client-cert-crash.patch
Patch100: nspr-config-pc.patch Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch Patch101: nspr-gcc-atomics.patch
@ -1087,6 +1090,7 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Thu Jun 16 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-2
* Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1 * Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1
- Update to NSS 3.79 - Update to NSS 3.79
- Update to NSPR 4.34 - Update to NSPR 4.34
@ -1178,7 +1182,7 @@ update-crypto-policies &> /dev/null || :
- Consolidate NSPR package with this package - Consolidate NSPR package with this package
* Mon Oct 26 2020 Bob Relyea <rrelyea@redhat.com> - 3.58.0-4 * Mon Oct 26 2020 Bob Relyea <rrelyea@redhat.com> - 3.58.0-4
- fix pkix ocsp to tolerate OCSP checking on intermediates - fix pkix ocsp to tolerate OCSP checking on intermediates
when the root is signed by sha1 and sha1 is disabled by when the root is signed by sha1 and sha1 is disabled by
policy policy