[jss/f15] Bugzilla Bug #715621 - Defects revealed by Coverity scan

Thu Oct 6 02:31:57 UTC 2011

commit fc3336b1f9a017f765bdd8750730a1954b89a050
Author: Kevin Wright <kwright at redhat.com>
Date:   Wed Oct 5 19:31:56 2011 -0700

    Bugzilla Bug #715621 - Defects revealed by Coverity scan

 clog                                        |    3 +-
 jss-PKCS12-FIPS.patch                       |   80 +++++++++
 jss-eliminate-native-coverity-defects.patch |  253 +++++++++++++++++++++++++++
 jss.spec                                    |   26 +++-
 4 files changed, 359 insertions(+), 3 deletions(-)
---

diff --git a/clog b/clog
index 53a8d6a..d2dcac7 100644
--- a/clog
+++ b/clog
@@ -1,2 +1 @@
-Bugzilla Bug #660436 - Warnings should be cleaned up in JSS build
-(jdennis, mharmsen)
+Bugzilla Bug #715621 - Defects revealed by Coverity scan
diff --git a/jss-PKCS12-FIPS.patch b/jss-PKCS12-FIPS.patch
new file mode 100644
index 0000000..b2aa854
--- /dev/null
+++ b/jss-PKCS12-FIPS.patch
@@ -0,0 +1,80 @@
+diff -up jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c.fix jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c
+--- jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c.fix	2011-08-15 15:39:56.633158000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyGenerator.c	2011-08-15 20:43:34.947749000 -0700
+@@ -239,40 +239,47 @@ print_secitem(SECItem *item) {
+  *      TokenException if an error occurs.
+  */
+ static PK11SymKey*
+-constructSHA1PBAKey(JNIEnv *env, SECItem *pwitem, SECItem *salt,
++constructSHA1PBAKey(JNIEnv *env, PK11SlotInfo *slot, SECItem *pwitem, SECItem *salt,
+         int iterationCount)
+ {
+-    PBEBitGenContext* pbeCtxt=NULL;
+-    SECItem *keyBits=NULL;
+     PK11SymKey *key=NULL;
+ 
+-    pbeCtxt = PBE_CreateContext( SEC_OID_SHA1, pbeBitGenIntegrityKey,
+-                    pwitem, salt, 160 /* SHA1 key length */, iterationCount);
+-    if( pbeCtxt == NULL ) {
+-        JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to create PBE context");
++    unsigned char ivData[8];
++    SECItem mechItem;
++    CK_PBE_PARAMS pbe_params;
++
++    if( pwitem == NULL ) {
++        JSS_throwMsg(env, TOKEN_EXCEPTION,
++            "constructSHA1PAKey:"
++            " pwitem NULL");
+         goto finish;
+     }
+-
+-    keyBits = PBE_GenerateBits(pbeCtxt);
+-    if( keyBits == NULL ) {
+-        JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to generate bits from"
+-                "PBE context");
++    if( salt == NULL ) {
++        JSS_throwMsg(env, TOKEN_EXCEPTION,
++            "constructSHA1PAKey:"
++            " salt NULL");
+         goto finish;
+     }
+ 
+-    key = PK11_ImportSymKey( PK11_GetInternalSlot(), CKM_SHA_1,
+-                PK11_OriginGenerated, CKA_SIGN, keyBits, NULL);
++    pbe_params.pInitVector = ivData;
++    pbe_params.pPassword = pwitem->data;
++    pbe_params.ulPasswordLen = pwitem->len;
++    pbe_params.pSalt = salt->data;
++    pbe_params.ulSaltLen = salt->len;
++    pbe_params.ulIteration = iterationCount;
++    mechItem.data = (unsigned char *) &pbe_params;
++    mechItem.len = sizeof(pbe_params);
++
++    key = PK11_RawPBEKeyGen(slot, CKM_PBA_SHA1_WITH_SHA1_HMAC, &mechItem, pwitem, PR_FALSE, NULL);
++
+     if( key == NULL ) {
+-        JSS_throwMsg(env, TOKEN_EXCEPTION, "Failed to import PBA key from"
+-            " PBA-generated bits");
++        JSS_throwMsg(env, TOKEN_EXCEPTION,
++            "PK11_RawPBEKeyGen:"
++            " failed to generate key");
+         goto finish;
+     }
+ 
+ finish:
+-    if( pbeCtxt ) {
+-        PBE_DestroyContext(pbeCtxt);
+-    }
+-    /* keyBits == pbeCtxt, so we don't need to free it */
+     return key;
+ }
+ 
+@@ -324,7 +331,7 @@ Java_org_mozilla_jss_pkcs11_PK11KeyGener
+ 
+         /* special case, construct key by hand. Bug #336587 */
+ 
+-        skey = constructSHA1PBAKey(env, pwitem, salt, iterationCount);
++        skey = constructSHA1PBAKey(env, slot, pwitem, salt, iterationCount);
+         if( skey==NULL ) {
+             /* exception was thrown */
+             goto finish;
diff --git a/jss-eliminate-native-coverity-defects.patch b/jss-eliminate-native-coverity-defects.patch
new file mode 100644
index 0000000..68e0fad
--- /dev/null
+++ b/jss-eliminate-native-coverity-defects.patch
@@ -0,0 +1,253 @@
+diff -rupN jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c
+--- jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c	2004-04-25 08:02:18.000000000 -0700
++++ jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c	2011-09-17 18:37:39.875900000 -0700
+@@ -275,9 +275,11 @@ diagnosePath(const char * path)
+ 	    rv = readlink(myPath, buf, sizeof buf);
+ 	    if (rv < 0) {
+ 	    	perror("readlink");
+-		buf[0] = 0;
+-	    } else {
++	    	buf[0] = 0;
++	    } else if ( rv < BUFSIZ ) {
+ 	    	buf[rv] = 0;
++	    } else {
++	    	buf[BUFSIZ-1] = 0;
+ 	    }
+ 	    fprintf(stderr, "%s is a link to %s\n", myPath, buf);
+ 	} else if (S_ISDIR(sb.st_mode)) {
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c	2011-09-17 17:33:08.823975000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c	2011-09-17 20:09:35.446977000 -0700
+@@ -728,14 +728,14 @@ getPWFromCallback(PK11SlotInfo *slot, PR
+     }
+ 
+ finish:
+-    if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
+ #ifdef DEBUG
++    if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
+         jclass giveupClass;
+         jmethodID printStackTrace;
+         jclass excepClass;
+-#endif
++
+         (*env)->ExceptionClear(env);
+-#ifdef DEBUG
++
+         giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION);
+         PR_ASSERT(giveupClass != NULL);
+         if( ! (*env)->IsInstanceOf(env, exception, giveupClass) ) {
+@@ -746,8 +746,12 @@ finish:
+             PR_ASSERT( PR_FALSE );
+         }
+         PR_ASSERT(returnchars==NULL);
+-#endif
+     }
++#else
++    if( ((*env)->ExceptionOccurred(env)) != NULL) {
++        (*env)->ExceptionClear(env);
++    }
++#endif
+     return returnchars;
+ }
+ 
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c	2011-09-17 17:33:08.834976000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c	2011-09-19 16:51:46.438021000 -0700
+@@ -768,6 +768,10 @@ static int find_leaf_cert(
+     int *linked = NULL;
+ 
+     linked = PR_Malloc( sizeof(int) * numCerts );
++    if (linked == NULL) {
++        status = 0;
++        goto finish;
++    }
+ 
+     /* initialize the bitmap */
+     for (i = 0; i < numCerts; i++) {
+@@ -1735,7 +1739,7 @@ Java_org_mozilla_jss_CryptoManager_verif
+ {
+     SECStatus         rv    = SECFailure;
+     SECCertUsage      certUsage;
+-    SECItem *derCerts[2];
++    SECItem *derCerts[2] = { NULL, NULL };
+     CERTCertificate **certArray = NULL;
+     CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
+ 
+@@ -1749,7 +1753,6 @@ Java_org_mozilla_jss_CryptoManager_verif
+     }
+     PR_ASSERT(certdb != NULL);
+ 
+-    derCerts[0] = NULL;
+     derCerts[0] = JSS_ByteArrayToSECItem(env, packageArray);
+     derCerts[1] = NULL;
+ 
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c	2011-09-17 17:33:08.708976000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c	2011-09-17 19:37:52.834292000 -0700
+@@ -235,7 +235,7 @@ static PRStatus
+ getAlgInfo(JNIEnv *env, jobject alg, JSS_AlgInfo *info)
+ {
+     jint index;
+-    PRStatus status;
++    PRStatus status = PR_FAILURE;
+ 
+     PR_ASSERT(env!=NULL && alg!=NULL && info!=NULL);
+ 
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c	2011-09-17 17:33:08.970975000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c	2011-09-17 19:47:21.850722000 -0700
+@@ -181,7 +181,7 @@ Java_org_mozilla_jss_pkcs11_PK11MessageD
+     PK11Context *context=NULL;
+     jbyte *bytes=NULL;
+     SECStatus status;
+-    unsigned int outLen;
++    unsigned int outLen = 0;
+ 
+     if( JSS_PK11_getCipherContext(env, proxyObj, &context) != PR_SUCCESS) {
+         /* exception was thrown */
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c	2011-09-17 17:33:09.013977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c	2011-09-17 18:16:40.231161000 -0700
+@@ -273,6 +273,7 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_g
+         break;
+     case keaKey:
+         keyTypeFieldName = KEA_KEYTYPE_FIELD;
++        break;
+     default:
+         PR_ASSERT(PR_FALSE);
+         keyTypeFieldName = NULL_KEYTYPE_FIELD;
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c	2011-09-17 17:33:09.032977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c	2011-09-17 19:48:57.776628000 -0700
+@@ -390,12 +390,6 @@ importPrivateKey
+     SECStatus status;
+     SECItem nickname;
+ 
+-    keyType = JSS_PK11_getKeyType(env, keyTypeObj);
+-    if( keyType == nullKey ) {
+-        /* exception was thrown */
+-        goto finish;
+-    }
+-
+     /*
+      * initialize so we can goto finish
+      */
+@@ -403,6 +397,12 @@ importPrivateKey
+     derPK.len = 0;
+ 
+ 
++    keyType = JSS_PK11_getKeyType(env, keyTypeObj);
++    if( keyType == nullKey ) {
++        /* exception was thrown */
++        goto finish;
++    }
++
+     PR_ASSERT(env!=NULL && this!=NULL);
+ 
+     if(keyArray == NULL) {
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c	2011-09-17 17:33:09.050976000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c	2011-09-17 19:53:46.184339000 -0700
+@@ -962,12 +962,12 @@ JNIEXPORT jstring JNICALL Java_org_mozil
+ {
+     PK11SlotInfo *slot;
+     const char* c_subject=NULL;
+-    jboolean isCopy;
++    jboolean isCopy = JNI_FALSE;
+     unsigned char *b64request=NULL;
+     SECItem p, q, g;
+     PQGParams *dsaParams=NULL;
+     const char* c_keyType;
+-    jboolean k_isCopy;
++    jboolean k_isCopy = JNI_FALSE;
+     SECOidTag signType = SEC_OID_UNKNOWN;
+     PK11RSAGenParams rsaParams;
+     void *params = NULL;
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2011-09-17 17:33:09.073977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2011-09-17 19:56:20.428184000 -0700
+@@ -516,11 +516,6 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
+         goto finish;
+     }
+ 
+-    if( addrBAelems == NULL ) {
+-        ASSERT_OUTOFMEM(env);
+-        goto finish;
+-    }
+-
+     if(addrBALen != 4 && addrBALen != 16) {
+         JSSL_throwSSLSocketException(env, "Invalid address in connect!");
+         goto finish;
+@@ -720,7 +715,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_getCi
+ {
+     JSSL_SocketData *sock=NULL;
+     SECStatus status;
+-    PRBool enabled;
++    PRBool enabled = PR_FAILURE;
+ 
+     /* get the fd */
+     if( JSSL_getSockData(env, sockObj, &sock) != PR_SUCCESS) {
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c	2004-09-03 11:32:03.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c	2011-09-17 18:15:07.825252000 -0700
+@@ -684,17 +684,13 @@ JSSL_ConfirmExpiredPeerCert(void *arg, P
+         * Now check the name field in the cert against the desired hostname.
+         * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
+         */
+-        if( peerCert == NULL ) {
+-            rv = SECFailure;
++        char* hostname = NULL;
++        hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */
++        if (hostname && hostname[0]) {
++            rv = CERT_VerifyCertName(peerCert, hostname);
++            PORT_Free(hostname);
+         } else {
+-            char* hostname = NULL;
+-            hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */
+-            if (hostname && hostname[0]) {
+-                rv = CERT_VerifyCertName(peerCert, hostname);
+-                PORT_Free(hostname);
+-            } else {
+-                rv = SECFailure;
+-            }
++            rv = SECFailure;
+         }
+     }
+ 
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2011-09-17 17:33:09.094977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2011-09-17 19:16:38.546566000 -0700
+@@ -95,6 +95,10 @@ writebuf(JNIEnv *env, PRFileDesc *fd, jo
+     jint arrayLen=-1;
+     PRInt32 retval;
+ 
++    if( env == NULL ) {
++        goto finish;
++    }
++
+     /*
+      * get the OutputStream
+      */
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c	2002-07-03 17:25:46.000000000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c	2011-09-18 23:02:28.130883000 -0700
+@@ -427,6 +427,7 @@ JSS_ConvertNativeErrcodeToJava(PRErrorCo
+ #endif
+ 
+     key.native = nativeErrcode;
++    key.java = -1;
+     target = bsearch( &key, errcodeTable, numErrcodes, sizeof(Errcode),
+         errcodeCompare );
+ 
+diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c
+--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c	2011-09-17 17:33:09.103977000 -0700
++++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c	2011-09-19 16:38:19.428634000 -0700
+@@ -529,7 +529,7 @@ JSS_wipeCharArray(char* array)
+  */
+ static char* getPWFromConsole()
+ {
+-    char c;
++    int c;
+     char *ret;
+     int i;
+     char buf[200];  /* no buffer overflow: we bail after 200 chars */
diff --git a/jss.spec b/jss.spec
index 55eee11..5c49814 100644
--- a/jss.spec
+++ b/jss.spec
@@ -1,6 +1,6 @@
 Name:           jss
 Version:        4.2.6
-Release:        18%{?dist}
+Release:        20%{?dist}
 Summary:        Java Security Services (JSS)
 
 Group:          System Environment/Libraries
@@ -36,6 +36,8 @@ Patch10:        jss-VerifyCertificateReturnCU.patch
 Patch12:        jss-ECC-HSM-FIPS.patch
 Patch13:        jss-eliminate-native-compiler-warnings.patch
 Patch14:        jss-eliminate-java-compiler-warnings.patch
+Patch15:        jss-PKCS12-FIPS.patch
+Patch16:        jss-eliminate-native-coverity-defects.patch
 
 
 %description
@@ -67,6 +69,8 @@ This package contains the API documentation for JSS.
 %patch12 -p1
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
 
 %build
 [ -z "$JAVA_HOME" ] && export JAVA_HOME=%{_jvmdir}/java
@@ -101,6 +105,11 @@ USE_64=1
 export USE_64
 %endif
 
+%if 0%{?fedora} >= 16
+cp -p mozilla/security/coreconf/Linux2.6.mk mozilla/security/coreconf/Linux3.1.mk 
+sed -i -e 's;LINUX2_1;LINUX3_1;' mozilla/security/coreconf/Linux3.1.mk
+%endif
+
 # The Makefile is not thread-safe
 make -C mozilla/security/coreconf
 make -C mozilla/security/jss
@@ -117,12 +126,17 @@ cp -p %{SOURCE3} .
 # There is no install target so we'll do it by hand
 
 # jars
+%if 0%{?fedora} >= 16
+install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
+install -m 644 mozilla/dist/xpclass.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar
+%else
 install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss
 install -m 644 mozilla/dist/xpclass.jar ${RPM_BUILD_ROOT}%{_libdir}/jss/jss4-%{version}.jar
 ln -fs jss4-%{version}.jar $RPM_BUILD_ROOT%{_libdir}/jss/jss4.jar
 
 install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
 ln -fs %{_libdir}/jss/jss4.jar $RPM_BUILD_ROOT%{_jnidir}/jss4.jar
+%endif
 
 # We have to use the name libjss4.so because this is dynamically
 # loaded by the jar file.
@@ -150,6 +164,16 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Sep 19 2011 Matthew Harmsen <mharmsen at redhat.com> - 4.2.6-20
+- Bugzilla Bug #715621 - Defects revealed by Coverity scan
+
+* Wed Aug 31 2011 Matthew Harmsen <mharmsen at redhat.com> - 4.2.6-19.1
+- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
+
+* Mon Aug 15 2011 Christina Fu <cfu at redhat.com> - 4.2.6-19
+- Bugzilla Bug 733550 - DRM failed to recovery keys when in FIPS mode
+  (HSM + NSS)
+
 * Fri Aug 12 2011 Matthew Harmsen <mharmsen at redhat.com> - 4.2.6-18
 - Bugzilla Bug #660436 - Warnings should be cleaned up in JSS build
   (jdennis, mharmsen)
