Fix sigsegv on call to NSS_Initialize - rhbz #553638
		
							parent
							
								
									26452cb3f5
								
							
						
					
					
						commit
						19b99b2cd7
					
				
							
								
								
									
										104
									
								
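--- a/553638.patch
+++ b/553638.patch
@@ -0,0 +1,104 @@
+diff -up nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638 nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c
+--- nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c.553638	2010-01-12 19:44:44.772770237 -0800
++++ nss-3.12.5/mozilla/security/nss/lib/sysinit/nsssysinit.c	2010-01-12 19:47:41.906770758 -0800
+@@ -36,6 +36,7 @@
+ #include "seccomon.h"
+ #include "prio.h"
+ #include "prprf.h"
++#include "plhash.h"
+ 
+ /*
+  * The following provides a default example for operating systems to set up
+@@ -212,6 +213,25 @@ getFIPSMode(void)
+ 
+ #define NSS_DEFAULT_FLAGS "flags=readonly"
+ 
++/* configuration flags according to
++ * https://developer.mozilla.org/en/PKCS11_Module_Specs
++ * As stated there the slotParams start with a slot name which is a slotID
++ * Slots 1 through 3 are reserved for the nss internal modules as follows:
++ * 1 for crypto operations slot non-fips,
++ * 2 for the key slot, and
++ * 3 for the crypto operations slot fips
++ */
++#define ORDER_FLAGS "trustOrder=75 cipherOrder=100"
++#define SLOT_FLAGS \
++	"[slotFags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \
++        " askpw=any timeout=30 ]"
++ 
++static const char *nssDefaultFlags =
++	ORDER_FLAGS " slotParams={0x00000001=" SLOT_FLAGS " }  ";
++
++static const char *nssDefaultFIPSFlags =
++	ORDER_FLAGS " slotParams={0x00000003=" SLOT_FLAGS " }  ";
++
+ /*
+  * This function builds the list of databases and modules to load, and sets
+  * their configuration. For the sample we have a fixed set.
+@@ -226,13 +246,6 @@ getFIPSMode(void)
+  * the decision making process.
+  *
+  */
+-static const char *nssDefaultFlags = "trustOrder=75 cipherOrder=100 \
+-slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+-askpw=any timeout=30 ] }  ";
+-static const char *nssDefaultFIPSFlags = "trustOrder=75 cipherOrder=100 \
+-slotParams={0x00000003=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM \
+-askpw=any timeout=30 ] }  ";
+-
+ static char **
+ get_list(char *filename, char *stripped_parameters)
+ {
+@@ -250,10 +263,15 @@ get_list(char *filename, char *stripped_
+     sysdb = getSystemDB();
+     userdb = getUserDB();
+ 
+-    if (sysdb && !strcmp(filename, sysdb))
+-	    filename = NULL;
+-    if (userdb && !strcmp(filename, userdb))
+-	    filename = NULL;
++    /* Using a NULL filename as a Boolean flag to
++     * prevent registering both an application-defined
++     * db and the system db. rhbz #546211.
++     */
++    PORT_Assert(filename);
++    if (sysdb && PL_CompareStrings(filename, sysdb))
++        filename = NULL;
++    else if (userdb && PL_CompareStrings(filename, userdb))
++        filename = NULL;
+ 
+     /* Don't open root's user DB */
+     if (userdb != NULL && !userIsRoot()) {
+@@ -262,9 +280,9 @@ get_list(char *filename, char *stripped_
+ 	    "library= "
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s tokenDescription='NSS user database'\" "
+-        "NSS=\"%sflags=internal%s\"",
+-        userdb, stripped_parameters, nssflags,
+-        isFIPS ? ",FIPS" : "");
++            "NSS=\"%sflags=internal%s\"",
++	    userdb, stripped_parameters, nssflags,
++            isFIPS ? ",FIPS" : "");
+ 
+ 	/* now open the user's defined PKCS #11 modules */
+ 	/* skip the local user DB entry */
+@@ -273,14 +291,14 @@ get_list(char *filename, char *stripped_
+ 	    "module=\"NSS User database\" "
+ 	    "parameters=\"configdir='sql:%s' %s\" "
+ 	    "NSS=\"flags=internal,moduleDBOnly,defaultModDB,skipFirst\"", 
+-		userdb, stripped_parameters);
++            userdb, stripped_parameters);
+ 	}
+ 
+     if (filename && !userIsRoot() && 0
+-		/* This doesn't actually work. If we register
+-			 both this and the sysdb (in either order)
+-			 then only one of them actually shows up */) {
+-	    module_list[next++] = PR_smprintf(
++	/* This doesn't actually work. If we register
++	   both this and the sysdb (in either order)
++	   then only one of them actually shows up */) {
++	module_list[next++] = PR_smprintf(
+ 	      "library= "
+ 	      "module=\"NSS database\" "
+ 	      "parameters=\"configdir='sql:%s' tokenDescription='NSS database sql:%s'\" "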
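Review bot: The new `SLOT_FLAGS` macro in the second hunk of the embedded patch spells the key `slotFags=`, while the two literals it replaces (removed in the third hunk) spell it `slotFlags=`, so the refactor changes the configuration string instead of only restructuring it. The module-spec parser presumably does not recognise the misspelled key, which would leave slots 0x00000001 and 0x00000003 without their default-mechanism flags; the line should read `"[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,RANDOM" \`. Separately, in the `get_list` hunk `PORT_Assert(filename)` is, as far as I know, compiled out of optimized builds, so a NULL `filename` from a caller would still reach `PL_CompareStrings` there; writing the conditions as `if (filename && sysdb && PL_CompareStrings(filename, sysdb))` and `else if (filename && userdb && PL_CompareStrings(filename, userdb))` makes the guard hold in every build. The body of `get_list` starts and ends outside the visible hunks, so any NULL check made by its callers is not visible here.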
							
								
								
									
										7
									
								
								nss.spec
									
									
									
									
									
								
							
							
						
						
									
										7
									
								
								nss.spec
									
									
									
									
									
								
							| @ -7,7 +7,7 @@ | ||||
| Summary:          Network Security Services | ||||
| Name:             nss | ||||
| Version:          3.12.5 | ||||
| Release:          1%{?dist}.13.2 | ||||
| Release:          1.1%{?dist} | ||||
| License:          MPLv1.1 or GPLv2+ or LGPLv2+ | ||||
| URL:              http://www.mozilla.org/projects/security/pki/nss/ | ||||
| Group:            System Environment/Libraries | ||||
| @ -47,6 +47,7 @@ Patch9:           540387.patch | ||||
| Patch10:          545779.patch | ||||
| Patch11:          546221.patch | ||||
| Patch12:          547860.patch | ||||
| Patch13:          553638.patch | ||||
| 
 | ||||
| %description | ||||
| Network Security Services (NSS) is a set of libraries designed to | ||||
| @ -119,6 +120,7 @@ low level services. | ||||
| %patch10 -p0 -b .545779 | ||||
| %patch11 -p1 -b .546221 | ||||
| %patch12 -p1 -b .547860 | ||||
| %patch13 -p1 -b .553638 | ||||
| 
 | ||||
| %build | ||||
| 
 | ||||
| @ -485,6 +487,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h | ||||
| 
 | ||||
| 
 | ||||
| %changelog | ||||
| * Tue Jan 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.5-1.1 | ||||
| - Fix SIGSEGV on call of NSS_Initialize (#553638) | ||||
| 
 | ||||
| * Wed Jan 06 2010 Elio Maldonado<emaldona@redhat.com> - 3.12.5-1.13.2 | ||||
| - New version of patch to allow root to modify ystem database (#547860) | ||||
| 
 | ||||
|  | ||||