fix infinite loop while loading a private key (#453612)

2009-05-11 08:06:20 +00:00 · 2009-05-11 08:06:20 +00:00 · 7f2e1166e3
commit 7f2e1166e3
parent c059575de3
2 changed files with 127 additions and 1 deletions
--- a/curl-7.19.4-infloop.patch
+++ b/curl-7.19.4-infloop.patch
@ -0,0 +1,120 @@
+diff -ruNp curl-7.19.4.orig/lib/nss.c curl-7.19.4/lib/nss.c
+--- curl-7.19.4.orig/lib/nss.c	2009-05-11 09:47:54.761907000 +0200
+++ curl-7.19.4/lib/nss.c	2009-05-11 09:57:06.889716145 +0200
+@@ -85,11 +85,6 @@ volatile int initialized = 0;
+ #define HANDSHAKE_TIMEOUT 30
+ 
+ typedef struct {
+-  PRInt32 retryCount;
+-  struct SessionHandle *data;
+-} pphrase_arg_t;
+-
+-typedef struct {
+   const char *name;
+   int num;
+   PRInt32 version; /* protocol version valid for this cipher */
+@@ -483,7 +478,6 @@ static int nss_load_key(struct connectda
+   CK_BBOOL cktrue = CK_TRUE;
+   CK_OBJECT_CLASS objClass = CKO_PRIVATE_KEY;
+   CK_SLOT_ID slotID;
+-  pphrase_arg_t *parg = NULL;
+   char slotname[SLOTSIZE];
+   struct ssl_connect_data *sslconn = &conn->ssl[sockindex];
+ 
+@@ -516,17 +510,13 @@ static int nss_load_key(struct connectda
+   SECMOD_WaitForAnyTokenEvent(mod, 0, 0);
+   PK11_IsPresent(slot);
+ 
+-  parg = malloc(sizeof(pphrase_arg_t));
+-  if(!parg)
+-    return 0;
+-  parg->retryCount = 0;
+-  parg->data = conn->data;
+   /* parg is initialized in nss_Init_Tokens() */
+-  if(PK11_Authenticate(slot, PR_TRUE, parg) != SECSuccess) {
+-    free(parg);
+  if(PK11_Authenticate(slot, PR_TRUE,
+                       conn->data->set.str[STRING_KEY_PASSWD]) != SECSuccess) {
+
+    PK11_FreeSlot(slot);
+     return 0;
+   }
+-  free(parg);
+   PK11_FreeSlot(slot);
+ 
+   return 1;
+@@ -588,25 +578,11 @@ static int cert_stuff(struct connectdata
+ 
+ static char * nss_get_password(PK11SlotInfo * slot, PRBool retry, void *arg)
+ {
+-  pphrase_arg_t *parg;
+-  parg = (pphrase_arg_t *) arg;
+-
+   (void)slot; /* unused */
+-  if(retry > 2)
+  if(retry || NULL == arg)
+     return NULL;
+-  if(parg->data->set.str[STRING_KEY_PASSWD])
+-    return (char *)PORT_Strdup((char *)parg->data->set.str[STRING_KEY_PASSWD]);
+   else
+-    return NULL;
+-}
+-
+-/* No longer ask for the password, parg has been freed */
+-static char * nss_no_password(PK11SlotInfo *slot, PRBool retry, void *arg)
+-{
+-  (void)slot; /* unused */
+-  (void)retry; /* unused */
+-  (void)arg; /* unused */
+-  return NULL;
+    return (char *)PORT_Strdup((char *)arg);
+ }
+ 
+ static SECStatus nss_Init_Tokens(struct connectdata * conn)
+@@ -614,14 +590,6 @@ static SECStatus nss_Init_Tokens(struct 
+   PK11SlotList *slotList;
+   PK11SlotListElement *listEntry;
+   SECStatus ret, status = SECSuccess;
+-  pphrase_arg_t *parg = NULL;
+-
+-  parg = malloc(sizeof(pphrase_arg_t));
+-  if(!parg)
+-    return SECFailure;
+-
+-  parg->retryCount = 0;
+-  parg->data = conn->data;
+ 
+   PK11_SetPasswordFunc(nss_get_password);
+ 
+@@ -644,7 +612,8 @@ static SECStatus nss_Init_Tokens(struct 
+       continue;
+     }
+ 
+-    ret = PK11_Authenticate(slot, PR_TRUE, parg);
+    ret = PK11_Authenticate(slot, PR_TRUE,
+                            conn->data->set.str[STRING_KEY_PASSWD]);
+     if(SECSuccess != ret) {
+       if(PR_GetError() == SEC_ERROR_BAD_PASSWORD)
+         infof(conn->data, "The password for token '%s' is incorrect\n",
+@@ -652,12 +621,9 @@ static SECStatus nss_Init_Tokens(struct 
+       status = SECFailure;
+       break;
+     }
+-    parg->retryCount = 0; /* reset counter to 0 for the next token */
+     PK11_FreeSlot(slot);
+   }
+ 
+-  free(parg);
+-
+   return status;
+ }
+ 
+@@ -1220,8 +1186,6 @@ CURLcode Curl_nss_connect(struct connect
+       curlerr = CURLE_SSL_CERTPROBLEM;
+       goto error;
+     }
+-
+-    PK11_SetPasswordFunc(nss_no_password);
+   }
+   else
+     connssl->client_nickname = NULL;
--- a/curl.spec
+++ b/curl.spec
@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.19.4
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.bz2
@ -13,6 +13,7 @@ Patch5: curl-7.19.4-enable-aes.patch
 Patch6: curl-7.19.4-nss-leak.patch
 Patch7: curl-7.19.4-debug.patch
 Patch8: curl-7.19.4-nss-leak2.patch
+Patch9: curl-7.19.4-infloop.patch
 Provides: webclient
 URL: http://curl.haxx.se/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -60,6 +61,7 @@ use cURL's capabilities internally.
 %patch6 -p1 -b .nssleak
 %patch7 -p1 -b .debug
 %patch8 -p1 -b .nssleak2
+%patch9 -p1 -b .infloop

 # Convert docs to UTF-8
 for f in CHANGES README; do
@ -152,6 +154,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4

 %changelog
+* Mon May 11 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-11
+- fix infinite loop while loading a private key, thanks to Michael Cronenworth
+  (#453612)
+
 * Mon Apr 27 2009 Kamil Dudka <kdudka@redhat.com> 7.19.4-10
 - fix curl/nss memory leaks while using client certificate (#453612, accepted
  by upstream)