bug#2097663

Fix crash when getting client cert and there is none in the database.
This commit is contained in:
Bob Relyea 2022-06-16 14:22:48 -07:00
parent e5848562c6
commit a9f44e8e59
2 changed files with 29 additions and 2 deletions

View File

@ -0,0 +1,23 @@
diff --git a/lib/ssl/authcert.c b/lib/ssl/authcert.c
--- a/lib/ssl/authcert.c
+++ b/lib/ssl/authcert.c
@@ -212,17 +212,17 @@ NSS_GetClientAuthData(void *arg,
pw_arg);
} else {
int nnames = 0;
char **names = ssl_DistNamesToStrings(caNames, &nnames);
rv = CERT_FilterCertListByCANames(certList, nnames, names,
certUsageSSLClient);
ssl_FreeDistNamesStrings(names, nnames);
}
- if ((rv != SECSuccess) || CERT_LIST_EMPTY(certList)) {
+ if ((rv != SECSuccess) || (certList && CERT_LIST_EMPTY(certList))) {
CERT_DestroyCertList(certList);
certList = NULL;
}
}
if (certList == NULL) {
/* no user certs meeting the nickname/usage requirements found */
return SECFailure;
}

View File

@ -3,7 +3,7 @@
# NOTE: To avoid NVR clashes of nspr* packages: # NOTE: To avoid NVR clashes of nspr* packages:
# - reset %%{nspr_release} to 1, when updating %%{nspr_version} # - reset %%{nspr_release} to 1, when updating %%{nspr_version}
# - increment %%{nspr_version}, when updating the NSS part only # - increment %%{nspr_version}, when updating the NSS part only
%global baserelease 1 %global baserelease 2
%global nss_release %baserelease %global nss_release %baserelease
# use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when # use "%%global nspr_release %%[%%baserelease+n]" to handle offsets when
# release number between nss and nspr are different. # release number between nss and nspr are different.
@ -131,6 +131,9 @@ Patch12: nss-signtool-format.patch
# fedora disabled dbm by default # fedora disabled dbm by default
Patch40: nss-no-dbm-man-page.patch Patch40: nss-no-dbm-man-page.patch
# upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=1774654
Patch50: nss-3.79-fix-client-cert-crash.patch
Patch100: nspr-config-pc.patch Patch100: nspr-config-pc.patch
Patch101: nspr-gcc-atomics.patch Patch101: nspr-gcc-atomics.patch
@ -1087,6 +1090,7 @@ update-crypto-policies &> /dev/null || :
%changelog %changelog
* Thu Jun 16 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-2
* Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1 * Tue May 31 2022 Bob Relyea <rrelyea@redhat.com> - 3.79.0-1
- Update to NSS 3.79 - Update to NSS 3.79
- Update to NSPR 4.34 - Update to NSPR 4.34