fix infinite loop while loading a private key (#453612)

2009-05-11 08:06:20 +00:00 · 2009-05-11 08:06:20 +00:00 · 7f2e1166e3
commit 7f2e1166e3
parent c059575de3
2 changed files with 127 additions and 1 deletions
--- a/curl-7.19.4-infloop.patch
+++ b/curl-7.19.4-infloop.patch
@ -0,0 +1,120 @@
 diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
 --- curl-7.19.4.orig/lib/nss.c	2009-05-11 09:47:54.761907000 +0200
 +++ curl-7.19.4/lib/nss.c	2009-05-11 09:57:06.889716145 +0200
@@ -85,11 +85,6 @@ volatile int initialized = 0;
 #define HANDSHAKE_TIMEOUT 30
 typedef struct {
 -  PRInt32 retryCount;
 -  struct SessionHandle *data;
 -} pphrase_arg_t;
 -
 -typedef struct {
   const char *name;
   int num;
   PRInt32 version; /* protocol version valid for this cipher */
@@ -483,7 +478,6 @@ static int nss_load_key(struct connectda
   CK_BBOOL cktrue = CK_TRUE;
   CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
   CK_SLOT_ID slotID;
 -  pphrase_arg_t *parg = NULL;
   char slotname[SLOTSIZE];
   struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
@@ -516,17 +510,13 @@ static int nss_load_key(struct connectda
   SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
   PK11_IsPresent(slot);
 -  parg = malloc(sizeof(pphrase_arg_t));
 -  if(!parg)
 -    return 0;
 -  parg->retryCount = 0;
 -  parg->data = conn->data;
   /* parg is initialized in nss_Init_Tokens() */
 -  if(PK11_Authenticate(slot, PR_TRUE, parg) != SECSuccess) {
 -    free(parg);
 +  if(PK11_Authenticate(slot, PR_TRUE,
 +                       conn->data->set.str[STRING_KEY_PASSWD]) != SECSuccess) {
 +
 +    PK11_FreeSlot(slot);
     return 0;
   }
 -  free(parg);
   PK11_FreeSlot(slot);
   return 1;
@@ -588,25 +578,11 @@ static int cert_stuff(struct connectdata
 static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
 {
 -  pphrase_arg_t *parg;
 -  parg = (pphrase_arg_t *) arg;
 -
   (void)slot; /* unused */
 -  if(retry > 2)
 +  if(retry || NULL == arg)
     return NULL;
 -  if(parg->data->set.str[STRING_KEY_PASSWD])
 -    return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
   else
 -    return NULL;
 -}
 -
 -/* No longer ask for the password, parg has been freed */
 -static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
 -{
 -  (void)slot; /* unused */
 -  (void)retry; /* unused */
 -  (void)arg; /* unused */
 -  return NULL;
 +    return (char *)PORT_Strdup((char *)arg);
 }
 static SECStatus nss_Init_Tokens(struct connectdata * conn)
@@ -614,14 +590,6 @@ static SECStatus nss_Init_Tokens(struct 
   PK11SlotList *slotList;
   PK11SlotListElement *listEntry;
   SECStatus ret, status = SECSuccess;
 -  pphrase_arg_t *parg = NULL;
 -
 -  parg = malloc(sizeof(pphrase_arg_t));
 -  if(!parg)
 -    return SECFailure;
 -
 -  parg->retryCount = 0;
 -  parg->data = conn->data;
   PK11_SetPasswordFunc(nss_get_password);
@@ -644,7 +612,8 @@ static SECStatus nss_Init_Tokens(struct 
       continue;
     }
 -    ret = PK11_Authenticate(slot, PR_TRUE, parg);
 +    ret = PK11_Authenticate(slot, PR_TRUE,
 +                            conn->data->set.str[STRING_KEY_PASSWD]);
     if(SECSuccess != ret) {
       if(PR_GetError() == SEC_ERROR_BAD_PASSWORD)
         infof(conn->data, "The password for token '%s' is incorrect\n",
@@ -652,12 +621,9 @@ static SECStatus nss_Init_Tokens(struct 
       status = SECFailure;
       break;
     }
 -    parg->retryCount = 0; /* reset counter to 0 for the next token */
     PK11_FreeSlot(slot);
   }
 -  free(parg);
 -
   return status;
 }
@@ -1220,8 +1186,6 @@ CURLcode Curl_nss_connect(struct connect
       curlerr = CURLE_SSL_CERTPROBLEM;
       goto error;
     }
 -
 -    PK11_SetPasswordFunc(nss_no_password);
   }
   else
     connssl->client_nickname = NULL;
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.4
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@ -13,6 +13,7 @@ Patch5: curl-7.19.4-enable-aes.patch
 Patch6: curl-7.19.4-nss-leak.patch
 Patch7: curl-7.19.4-debug.patch
 Patch8: curl-7.19.4-nss-leak2.patch
 Patch9: curl-7.19.4-infloop.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -60,6 +61,7 @@ use cURL's capabilities internally.
 %patch6 -p1 -b .nssleak
 %patch7 -p1 -b .debug
 %patch8 -p1 -b .nssleak2
 %patch9 -p1 -b .infloop
 # Convert docs to UTF-8
 for f in CHANGES README; do
@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 %changelog
 * Mon May 11 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-11
 - fix infinite loop while loading a private key, thanks to Michael Cronenworth
  (#453612)
 * Mon Apr 27 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-10
 - fix curl/nss memory leaks while using client certificate (#453612, accepted
  by upstream)