Fix sigsegv on call to NSS_Initialize - rhbz #553638

This commit is contained in:
Elio Maldonado 2010-01-13 06:13:28 +00:00
parent 26452cb3f5
commit 19b99b2cd7
2 changed files with 110 additions and 1 deletions

104
553638.patch Normal file
View File

@ -0,0 +1,104 @@
diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 2010-01-12 19:44:44.772770237 -0800
+++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c 2010-01-12 19:47:41.906770758 -0800
@@ -36,6 +36,7 @@
#include "seccomon.h"
#include "prio.h"
#include "prprf.h"
+#include "plhash.h"
/*
* The following provides a default example for operating systems to set up
@@ -212,6 +213,25 @@ getFIPSMode(void)
#define NSS_DEFAULT_FLAGS "flags=readonly"
+/* configuration flags according to
+ * https://developer.mozilla.org/en/PKCS11_Module_Specs
+ * As stated there the slotParams start with a slot name which is a slotID
+ * Slots 1 through 3 are reserved for the nss internal modules as follows:
+ * 1 for crypto operations slot non-fips,
+ * 2 for the key slot, and
+ * 3 for the crypto operations slot fips
+ */
+#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
+#define SLOT_FLAGS \
+ "[slotFags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
+ " askpw=any timeout=30 ]"
+
+static const char *nssDefaultFlags =
+ ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " } ";
+
+static const char *nssDefaultFIPSFlags =
+ ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " } ";
+
/*
* This function builds the list of databases and modules to load, and sets
* their configuration. For the sample we have a fixed set.
@@ -226,13 +246,6 @@ getFIPSMode(void)
* the decision making process.
*
*/
-static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
-slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-askpw=any timeout=30 ] } ";
-static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
-slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
-askpw=any timeout=30 ] } ";
-
static char **
get_list(char *filename, char *stripped_parameters)
{
@@ -250,10 +263,15 @@ get_list(char *filename, char *stripped_
sysdb = getSystemDB();
userdb = getUserDB();
- if (sysdb && !strcmp(filename, sysdb))
- filename = NULL;
- if (userdb && !strcmp(filename, userdb))
- filename = NULL;
+ /* Using a NULL filename as a Boolean flag to
+ * prevent registering both an application-defined
+ * db and the system db. rhbz #546211.
+ */
+ PORT_Assert(filename);
+ if (sysdb && PL_CompareStrings(filename, sysdb))
+ filename = NULL;
+ else if (userdb && PL_CompareStrings(filename, userdb))
+ filename = NULL;
/* Don't open root's user DB */
if (userdb != NULL && !userIsRoot()) {
@@ -262,9 +280,9 @@ get_list(char *filename, char *stripped_
"library= "
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
- "NSS=\"%sflags=internal%s\"",
- userdb, stripped_parameters, nssflags,
- isFIPS ? ",FIPS" : "");
+ "NSS=\"%sflags=internal%s\"",
+ userdb, stripped_parameters, nssflags,
+ isFIPS ? ",FIPS" : "");
/* now open the user's defined PKCS #11 modules */
/* skip the local user DB entry */
@@ -273,14 +291,14 @@ get_list(char *filename, char *stripped_
"module=\"NSS User database\" "
"parameters=\"configdir='sql:%s' %s\" "
"NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"",
- userdb, stripped_parameters);
+ userdb, stripped_parameters);
}
if (filename && !userIsRoot() && 0
- /* This doesn't actually work. If we register
- both this and the sysdb (in either order)
- then only one of them actually shows up */) {
- module_list[next++] = PR_smprintf(
+ /* This doesn't actually work. If we register
+ both this and the sysdb (in either order)
+ then only one of them actually shows up */) {
+ module_list[next++] = PR_smprintf(
"library= "
"module=\"NSS database\" "
"parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "

View File

@ -7,7 +7,7 @@
Summary: Network Security Services
Name: nss
Version: 3.12.5
Release: 1%{?dist}.13.2
Release: 1.1%{?dist}
License: MPLv1.1 or GPLv2+ or LGPLv2+
URL: http://www.mozilla.org/projects/security/pki/nss/
Group: System Environment/Libraries
@ -47,6 +47,7 @@ Patch9: 540387.patch
Patch10: 545779.patch
Patch11: 546221.patch
Patch12: 547860.patch
Patch13: 553638.patch
%description
Network Security Services (NSS) is a set of libraries designed to
@ -119,6 +120,7 @@ low level services.
%patch10 -p0 -b .545779
%patch11 -p1 -b .546221
%patch12 -p1 -b .547860
%patch13 -p1 -b .553638
%build
@ -485,6 +487,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h
%changelog
* Tue Jan 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-1.1
- Fix SIGSEGV on call of NSS_Initialize (#553638)
* Wed Jan 06 2010 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.13.2
- New version of patch to allow root to modify ystem database (#547860)