[nss] - Fix attempt to free initialized pointer (#717338) - Fix leak on pem_CreateObject when given non-ex
Elio Maldonado
emaldonado at fedoraproject.org
Wed Sep 14 19:29:47 UTC 2011
commit 3586aff4e7cd1a29e45d4904e86a36a028080d97
Author: Elio Maldonado <emaldona at redhat.com>
Date: Wed Sep 14 12:28:24 2011 -0700
- Fix attempt to free initialized pointer (#717338)
- Fix leak on pem_CreateObject when given non-existing file name (#734760)
- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
0001-libnsspem-rhbz-734760.patch | 21 ++++
nss.spec | 16 +++-
nsspem-createobject-initialize-pointer.patch | 11 ++
nsspem-init-inform-not-thread-safe.patch | 129 ++++++++++++++++++++++++++
4 files changed, 174 insertions(+), 3 deletions(-)
---
diff --git a/0001-libnsspem-rhbz-734760.patch b/0001-libnsspem-rhbz-734760.patch
new file mode 100644
index 0000000..45b4024
--- /dev/null
+++ b/0001-libnsspem-rhbz-734760.patch
@@ -0,0 +1,21 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.734760 2011-09-10 10:21:38.819248564 -0700
++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:28:47.970083785 -0700
+@@ -1117,7 +1117,7 @@ pem_CreateObject
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs < 1)
+- return (NSSCKMDObject *) NULL;
++ goto loser;
+
+ objid = -1;
+ /* Brute force: find the id of the key, if any, in this slot */
+@@ -1176,7 +1176,7 @@ pem_CreateObject
+
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
+ if (nobjs < 1)
+- return (NSSCKMDObject *) NULL;
++ goto loser;
+
+ certDER.len = 0; /* in case there is no equivalent cert */
+ certDER.data = NULL;
diff --git a/nss.spec b/nss.spec
index 97bc013..5fbb281 100644
--- a/nss.spec
+++ b/nss.spec
@@ -6,7 +6,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.11
-Release: 2%{?dist}
+Release: 3%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@@ -55,9 +55,12 @@ Patch6: nss-enable-pem.patch
Patch7: nsspem-642433.patch
Patch8: 0001-Bug-695011-PEM-logging.patch
Patch16: nss-539183.patch
-#Patch17: nss-703658.patch
Patch18: nss-646045.patch
Patch19: builtins-nssckbi_1_87_rtm.patch
+Patch20: nsspem-createobject-initialize-pointer.patch
+Patch21: 0001-libnsspem-rhbz-734760.patch
+Patch22: nsspem-init-inform-not-thread-safe.patch
+
%description
Network Security Services (NSS) is a set of libraries designed to
@@ -133,9 +136,11 @@ low level services.
%patch7 -p0 -b .642433
%patch8 -p1 -b .695011
%patch16 -p0 -b .539183
-#%patch17 -p0 -b .703658
%patch18 -p0 -b .646045
%patch19 -p0 -b .ckbi187
+%patch20 -p1 -b .717338
+%patch21 -p1 -b .734760
+%patch22 -p0 -b .736410
%build
@@ -546,6 +551,11 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
+* Wed Sep 14 2011 Elio Maldonado <emaldona at redhat.com> - 3.12.11-3
+- Fix attempt to free initilized pointer (#717338)
+- Fix leak on pem_CreateObject when given non-existing file name (#734760)
+- Fix pem_Initialize to return CKR_CANT_LOCK on multi-treaded calls (#736410)
+
* Tue Sep 06 2011 Kai Engert <kaie at redhat.com> - 3.12.11-2
- Update builtins certs to those from NSSCKBI_1_87_RTM
diff --git a/nsspem-createobject-initialize-pointer.patch b/nsspem-createobject-initialize-pointer.patch
new file mode 100644
index 0000000..cdfdea3
--- /dev/null
+++ b/nsspem-createobject-initialize-pointer.patch
@@ -0,0 +1,11 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 ./mozilla/security/nss/lib/ckfw/pem/pobject.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pobject.c.717338 2010-11-25 10:49:27.000000000 -0800
++++ ./mozilla/security/nss/lib/ckfw/pem/pobject.c 2011-09-10 10:16:58.752726964 -0700
+@@ -1179,6 +1179,7 @@ pem_CreateObject
+ return (NSSCKMDObject *) NULL;
+
+ certDER.len = 0; /* in case there is no equivalent cert */
++ certDER.data = NULL;
+
+ objid = -1;
+ for (i = 0; i < pem_nobjs; i++) {
diff --git a/nsspem-init-inform-not-thread-safe.patch b/nsspem-init-inform-not-thread-safe.patch
new file mode 100644
index 0000000..2df4fbe
--- /dev/null
+++ b/nsspem-init-inform-not-thread-safe.patch
@@ -0,0 +1,129 @@
+--- mozilla/security/nss/lib/ckfw/pem/pinst.c.736410 2010-11-25 11:51:52.000000000 -0800
++++ mozilla/security/nss/lib/ckfw/pem/pinst.c 2011-09-13 16:59:49.325215540 -0700
+@@ -364,39 +364,37 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+ size += PEM_ITEM_CHUNK;
+ }
+ gobj[count] = io;
+ count++;
+ pem_nobjs++;
+
+ io->refCount ++;
+ return io;
+ }
+
+ CK_RV
+ AddCertificate(char *certfile, char *keyfile, PRBool cacert,
+ CK_SLOT_ID slotID)
+ {
+ pemInternalObject *o;
+- SECItem certDER;
+ CK_RV error = 0;
+ int objid, i;
+ int nobjs = 0;
+ SECItem **objs = NULL;
+ char *ivstring = NULL;
+ int cipher;
+
+- certDER.data = NULL;
+ nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
+ if (nobjs <= 0) {
+ nss_ZFreeIf(objs);
+ return CKR_GENERAL_ERROR;
+ }
+
+ /* For now load as many certs as are in the file for CAs only */
+ if (cacert) {
+ for (i = 0; i < nobjs; i++) {
+ char nickname[1024];
+ objid = pem_nobjs + 1;
+
+ snprintf(nickname, 1024, "%s - %d", certfile, i);
+
+ o = AddObjectIfNeeded(CKO_CERTIFICATE, pemCert, objs[i], NULL,
+@@ -456,72 +454,76 @@ AddCertificate(char *certfile, char *key
+ loser:
+ nss_ZFreeIf(objs);
+ nss_ZFreeIf(o);
+ return error;
+ }
+
+ CK_RV
+ pem_Initialize
+ (
+ NSSCKMDInstance * mdInstance,
+ NSSCKFWInstance * fwInstance,
+ NSSUTF8 * configurationData
+ )
+ {
+ CK_RV rv;
+- /* parse the initialization string and initialize CRLInstances */
++ /* parse the initialization string */
+ char **certstrings = NULL;
++ char *modparms = NULL;
+ PRInt32 numcerts = 0;
+ PRBool status, error = PR_FALSE;
+ int i;
++ CK_C_INITIALIZE_ARGS_PTR modArgs = NULL;
++
++ if (!fwInstance) return CKR_ARGUMENTS_BAD;
++
++ modArgs = NSSCKFWInstance_GetInitArgs(fwInstance);
++ if (modArgs &&
++ ((modArgs->flags & CKF_OS_LOCKING_OK) || (modArgs->CreateMutex != 0))) {
++ return CKR_CANT_LOCK;
++ }
+
+ if (pemInitialized) {
+ return CKR_OK;
+ }
++
+ RNG_RNGInit();
+
+ open_log();
+
+ plog("pem_Initialize\n");
+
+- unsigned char *modparms = NULL;
+- if (!fwInstance) {
+- return CKR_ARGUMENTS_BAD;
+- }
+-
+- CK_C_INITIALIZE_ARGS_PTR modArgs =
+- NSSCKFWInstance_GetInitArgs(fwInstance);
+ if (!modArgs || !modArgs->LibraryParameters) {
+ goto done;
+ }
+- modparms = (unsigned char *) modArgs->LibraryParameters;
++ modparms = (char *) modArgs->LibraryParameters;
+ plog("Initialized with %s\n", modparms);
+
+ /*
+ * The initialization string format is a space-delimited file of
+ * pairs of paths which are delimited by a semi-colon. The first
+ * entry of the pair is the path to the certificate file. The
+ * second is the path to the key file.
+ *
+ * CA certificates do not need the semi-colon.
+ *
+ * Example:
+ * /etc/certs/server.pem;/etc/certs/server.key /etc/certs/ca.pem
+ *
+ */
+ status =
+- pem_ParseString((const char *) modparms, ' ', &numcerts,
++ pem_ParseString(modparms, ' ', &numcerts,
+ &certstrings);
+ if (status == PR_FALSE) {
+ return CKR_ARGUMENTS_BAD;
+ }
+
+ for (i = 0; i < numcerts && error != PR_TRUE; i++) {
+ char *cert = certstrings[i];
+ PRInt32 attrcount = 0;
+ char **certattrs = NULL;
+ status = pem_ParseString(cert, ';', &attrcount, &certattrs);
+ if (status == PR_FALSE) {
+ error = PR_TRUE;
+ break;
+ }
+
More information about the scm-commits
mailing list