rpms/nss/F-13 nsspem-596674.patch,NONE,1.1 nss.spec,1.146,1.147
Elio Maldonado
emaldonado at fedoraproject.org
Mon Jun 7 03:56:21 UTC 2010
- Previous message: rpms/xfce-utils/F-12 xfce-utils.spec, 1.31, 1.32 sources, 1.15, 1.16 .cvsignore, 1.15, 1.16
- Next message: rpms/exo/F-13 exo.spec, 1.48, 1.49 sources, 1.16, 1.17 .cvsignore, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: emaldonado
Update of /cvs/pkgs/rpms/nss/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv18756
Modified Files:
nss.spec
Added Files:
nsspem-596674.patch
Log Message:
Fix SIGSEGV within CreateObject #596674
nsspem-596674.patch:
pinst.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 55 insertions(+), 13 deletions(-)
--- NEW FILE nsspem-596674.patch ---
diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 2010-06-06 18:27:27.256318318 -0700
+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c 2010-06-06 20:45:28.158442982 -0700
@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c
buf = issuer->data + issuer->len;
/* only wanted issuer/SN */
- if (valid == NULL) {
+ if (subject == NULL || valid == NULL || subjkey == NULL) {
return SECSuccess;
}
/* validity */
@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass,
memset(&o->u.trust, 0, sizeof(o->u.trust));
break;
}
+
+ o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
+ if (o->nickname == NULL)
+ goto fail;
+ strcpy(o->nickname, nickname);
+
+ sprintf(id, "%d", objid);
+ len = strlen(id) + 1; /* zero terminate */
+ o->id.data = (void *) nss_ZAlloc(NULL, len);
+ if (o->id.data == NULL)
+ goto fail;
+ (void) nsslibc_memcpy(o->id.data, id, len);
+ o->id.size = len;
+
o->objClass = objClass;
o->type = type;
o->slotID = slotID;
+
o->derCert = nss_ZNEW(NULL, SECItem);
+ if (o->derCert == NULL)
+ goto fail;
o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len);
+ if (o->derCert->data == NULL)
+ goto fail;
o->derCert->len = certDER->len;
nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len);
switch (objClass) {
case CKO_CERTIFICATE:
case CKO_NETSCAPE_TRUST:
- GetCertFields(o->derCert->data,
- o->derCert->len, &issuer, &serial,
- &derSN, &subject, &valid, &subjkey);
+ if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len,
+ &issuer, &serial, &derSN, &subject,
+ &valid, &subjkey))
+ goto fail;
o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len);
+ if (o->u.cert.subject.data == NULL)
+ goto fail;
o->u.cert.subject.size = subject.len;
nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len);
o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len);
+ if (o->u.cert.issuer.data == NULL) {
+ nss_ZFreeIf(o->u.cert.subject.data);
+ goto fail;
+ }
o->u.cert.issuer.size = issuer.len;
nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len);
o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len);
+ if (o->u.cert.serial.data == NULL) {
+ nss_ZFreeIf(o->u.cert.issuer.data);
+ nss_ZFreeIf(o->u.cert.subject.data);
+ goto fail;
+ }
o->u.cert.serial.size = serial.len;
nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len);
break;
case CKO_PRIVATE_KEY:
o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem);
+ if (o->u.key.key.privateKey == NULL)
+ goto fail;
o->u.key.key.privateKey->data =
(void *) nss_ZAlloc(NULL, keyDER->len);
+ if (o->u.key.key.privateKey->data == NULL) {
+ nss_ZFreeIf(o->u.key.key.privateKey);
+ goto fail;
+ }
o->u.key.key.privateKey->len = keyDER->len;
nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data,
keyDER->len);
}
- o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
- strcpy(o->nickname, nickname);
-
- sprintf(id, "%d", objid);
-
- len = strlen(id) + 1; /* zero terminate */
- o->id.data = (void *) nss_ZAlloc(NULL, len);
- (void) nsslibc_memcpy(o->id.data, id, len);
- o->id.size = len;
return o;
+
+fail:
+ if (o) {
+ if (o->derCert) {
+ nss_ZFreeIf(o->derCert->data);
+ nss_ZFreeIf(o->derCert);
+ }
+ nss_ZFreeIf(o->id.data);
+ nss_ZFreeIf(o->nickname);
+ nss_ZFreeIf(o);
+ }
+ return NULL;
}
pemInternalObject *
@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
/* object not found, we need to create it */
pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
filename, objid, slotID);
+ if (io == NULL)
+ return NULL;
io->gobjIndex = count;
Index: nss.spec
===================================================================
RCS file: /cvs/pkgs/rpms/nss/F-13/nss.spec,v
retrieving revision 1.146
retrieving revision 1.147
diff -u -p -r1.146 -r1.147
--- nss.spec 14 Apr 2010 20:11:50 -0000 1.146
+++ nss.spec 7 Jun 2010 03:56:21 -0000 1.147
@@ -7,7 +7,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.6
-Release: 5%{?dist}
+Release: 6%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -44,6 +44,7 @@ Patch2: nss-nolocalsql.patch
Patch3: renegotiate-transitional.patch
Patch4: validate-arguments.patch
Patch6: nss-enable-pem.patch
+Patch7: nsspem-596674.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -113,6 +114,7 @@ low level services.
%patch3 -p0 -b .transitional
%patch4 -p0 -b .validate
%patch6 -p0 -b .libpem
+%patch7 -p0 -b .596674
%build
@@ -486,6 +488,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/ns
%changelog
+* Sun Jun 06 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-6
+- Fix SIGSEGV within CreateObject (#596674)
+
* Sat Apr 12 2010 Elio Maldonado <emaldona at redhat.com> - 3.12.6-5
- Update pem source tar to pick up the following bug fixes:
- PEM - Allow collect objects to search through all objects
- Previous message: rpms/xfce-utils/F-12 xfce-utils.spec, 1.31, 1.32 sources, 1.15, 1.16 .cvsignore, 1.15, 1.16
- Next message: rpms/exo/F-13 exo.spec, 1.48, 1.49 sources, 1.16, 1.17 .cvsignore, 1.16, 1.17
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the scm-commits
mailing list