nss/nsspem-init-inform-not-thread-safe.patch
Elio Maldonado 3586aff4e7 - Fix attempt to free initialized pointer (#717338)
- Fix leak on pem_CreateObject when given non-existing file name (#734760)
- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
2011-09-14 12:28:24 -07:00

130 lines
3.6 KiB
Diff

--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
+++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
size += PEM_ITEM_CHUNK;
}
gobj[count] = io;
count++;
pem_nobjs++;
io->refCount ++;
return io;
}
CK_RV
AddCertificate(char *certfile, char *keyfile, PRBool cacert,
CK_SLOT_ID slotID)
{
pemInternalObject *o;
- SECItem certDER;
CK_RV error = 0;
int objid, i;
int nobjs = 0;
SECItem **objs = NULL;
char *ivstring = NULL;
int cipher;
- certDER.data = NULL;
nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
if (nobjs <= 0) {
nss_ZFreeIf(objs);
return CKR_GENERAL_ERROR;
}
/* For now load as many certs as are in the file for CAs only */
if (cacert) {
for (i = 0; i < nobjs; i++) {
char nickname[1024];
objid = pem_nobjs + 1;
snprintf(nickname, 1024, "%s - %d", certfile, i);
o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
loser:
nss_ZFreeIf(objs);
nss_ZFreeIf(o);
return error;
}
CK_RV
pem_Initialize
(
NSSCKMDInstance * mdInstance,
NSSCKFWInstance * fwInstance,
NSSUTF8 * configurationData
)
{
CK_RV rv;
- /* parse the initialization string and initialize CRLInstances */
+ /* parse the initialization string */
char **certstrings = NULL;
+ char *modparms = NULL;
PRInt32 numcerts = 0;
PRBool status, error = PR_FALSE;
int i;
+ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
+
+ if (!fwInstance) return CKR_ARGUMENTS_BAD;
+
+ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
+ if (modArgs &&
+ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
+ return CKR_CANT_LOCK;
+ }
if (pemInitialized) {
return CKR_OK;
}
+
RNG_RNGInit();
open_log();
plog("pem_Initialize\n");
- unsigned char *modparms = NULL;
- if (!fwInstance) {
- return CKR_ARGUMENTS_BAD;
- }
-
- CK_C_INITIALIZE_ARGS_PTR modArgs =
- NSSCKFWInstance_GetInitArgs(fwInstance);
if (!modArgs || !modArgs->LibraryParameters) {
goto done;
}
- modparms = (unsigned char *) modArgs->LibraryParameters;
+ modparms = (char *) modArgs->LibraryParameters;
plog("Initialized with %s\n", modparms);
/*
* The initialization string format is a space-delimited file of
* pairs of paths which are delimited by a semi-colon. The first
* entry of the pair is the path to the certificate file. The
* second is the path to the key file.
*
* CA certificates do not need the semi-colon.
*
* Example:
* /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
*
*/
status =
- pem_ParseString((const char *) modparms, ' ', &numcerts,
+ pem_ParseString(modparms, ' ', &numcerts,
&certstrings);
if (status == PR_FALSE) {
return CKR_ARGUMENTS_BAD;
}
for (i = 0; i < numcerts && error != PR_TRUE; i++) {
char *cert = certstrings[i];
PRInt32 attrcount = 0;
char **certattrs = NULL;
status = pem_ParseString(cert, ';', &attrcount, &certattrs);
if (status == PR_FALSE) {
error = PR_TRUE;
break;
}