Fix SIGSEGV within CreateObject rhbz#596674

2010-06-07 04:41:51 +00:00 · 2010-06-07 04:41:51 +00:00 · fbbc54fbf1
commit fbbc54fbf1
parent 0b1d72fd87
2 changed files with 133 additions and 1 deletions
--- a/nss.spec
+++ b/nss.spec
@ -7,7 +7,7 @@
 Summary:          Network Security Services
 Name:             nss
 Version:          3.12.6
-Release:          5%{?dist}
+Release:          6%{?dist}
 License:          MPLv1.1 or GPLv2+ or LGPLv2+
 URL:              http://www.mozilla.org/projects/security/pki/nss/
 Group:            System Environment/Libraries
@ -44,6 +44,7 @@ Patch2:           nss-nolocalsql.patch
 Patch3:           renegotiate-transitional.patch
 Patch4:           validate-arguments.patch
 Patch6:           nss-enable-pem.patch
+Patch7:           nsspem-596674.patch

 %description
 Network Security Services (NSS) is a set of libraries designed to
@ -113,6 +114,7 @@ low level services.
 %patch3 -p0 -b .transitional
 %patch4 -p0 -b .validate
 %patch6 -p0 -b .libpem
+%patch7 -p0 -b .596674


 %build
@ -486,6 +488,9 @@ rm -rf $RPM_BUILD_ROOT/%{_includedir}/nss3/nsslowhash.h


 %changelog
+* Sun Jun 06 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-6
+- Fix SIGSEGV within CreateObject (#596674)
+
 * Sat Apr 12 2010 Elio Maldonado <emaldona@redhat.com> - 3.12.6-5
 - Update pem source tar to pick up the following bug fixes:
 - PEM - Allow collect objects to search through all objects
--- a/nsspem-596674.patch
+++ b/nsspem-596674.patch
@ -0,0 +1,127 @@
+diff -up ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783 ./mozilla/security/nss/lib/ckfw/pem/pinst.c
+--- ./mozilla/security/nss/lib/ckfw/pem/pinst.c.596783	2010-06-06 18:27:27.256318318 -0700
+++ ./mozilla/security/nss/lib/ckfw/pem/pinst.c	2010-06-06 20:45:28.158442982 -0700
+@@ -151,7 +151,7 @@ GetCertFields(unsigned char *cert, int c
+     buf = issuer->data + issuer->len;
+ 
+     /* only wanted issuer/SN */
+-    if (valid == NULL) {
+    if (subject == NULL || valid == NULL || subjkey == NULL) {
+         return SECSuccess;
+     }
+     /* validity */
+@@ -219,53 +219,93 @@ CreateObject(CK_OBJECT_CLASS objClass,
+         memset(&o->u.trust, 0, sizeof(o->u.trust));
+         break;
+     }
+
+    o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
+    if (o->nickname == NULL)
+        goto fail;
+    strcpy(o->nickname, nickname);
+
+    sprintf(id, "%d", objid);
+    len = strlen(id) + 1;       /* zero terminate */
+    o->id.data = (void *) nss_ZAlloc(NULL, len);
+    if (o->id.data == NULL)
+        goto fail;
+    (void) nsslibc_memcpy(o->id.data, id, len);
+    o->id.size = len;
+
+     o->objClass = objClass;
+     o->type = type;
+     o->slotID = slotID;
+
+     o->derCert = nss_ZNEW(NULL, SECItem);
+    if (o->derCert == NULL)
+        goto fail;
+     o->derCert->data = (void *) nss_ZAlloc(NULL, certDER->len);
+    if (o->derCert->data == NULL)
+        goto fail;
+     o->derCert->len = certDER->len;
+     nsslibc_memcpy(o->derCert->data, certDER->data, certDER->len);
+ 
+     switch (objClass) {
+     case CKO_CERTIFICATE:
+     case CKO_NETSCAPE_TRUST:
+-        GetCertFields(o->derCert->data,
+-                      o->derCert->len, &issuer, &serial,
+-                      &derSN, &subject, &valid, &subjkey);
+        if (SECSuccess != GetCertFields(o->derCert->data, o->derCert->len,
+                                        &issuer, &serial, &derSN, &subject,
+                                        &valid, &subjkey))
+            goto fail;
+ 
+         o->u.cert.subject.data = (void *) nss_ZAlloc(NULL, subject.len);
+        if (o->u.cert.subject.data == NULL)
+            goto fail;
+         o->u.cert.subject.size = subject.len;
+         nsslibc_memcpy(o->u.cert.subject.data, subject.data, subject.len);
+ 
+         o->u.cert.issuer.data = (void *) nss_ZAlloc(NULL, issuer.len);
+        if (o->u.cert.issuer.data == NULL) {
+            nss_ZFreeIf(o->u.cert.subject.data);
+            goto fail;
+        }
+         o->u.cert.issuer.size = issuer.len;
+         nsslibc_memcpy(o->u.cert.issuer.data, issuer.data, issuer.len);
+ 
+         o->u.cert.serial.data = (void *) nss_ZAlloc(NULL, serial.len);
+        if (o->u.cert.serial.data == NULL) {
+            nss_ZFreeIf(o->u.cert.issuer.data);
+            nss_ZFreeIf(o->u.cert.subject.data);
+            goto fail;
+        }
+         o->u.cert.serial.size = serial.len;
+         nsslibc_memcpy(o->u.cert.serial.data, serial.data, serial.len);
+         break;
+     case CKO_PRIVATE_KEY:
+         o->u.key.key.privateKey = nss_ZNEW(NULL, SECItem);
+        if (o->u.key.key.privateKey == NULL)
+            goto fail;
+         o->u.key.key.privateKey->data =
+             (void *) nss_ZAlloc(NULL, keyDER->len);
+        if (o->u.key.key.privateKey->data == NULL) {
+            nss_ZFreeIf(o->u.key.key.privateKey);
+            goto fail;
+        }
+         o->u.key.key.privateKey->len = keyDER->len;
+         nsslibc_memcpy(o->u.key.key.privateKey->data, keyDER->data,
+                        keyDER->len);
+     }
+ 
+-    o->nickname = (char *) nss_ZAlloc(NULL, strlen(nickname) + 1);
+-    strcpy(o->nickname, nickname);
+-
+-    sprintf(id, "%d", objid);
+-
+-    len = strlen(id) + 1;       /* zero terminate */
+-    o->id.data = (void *) nss_ZAlloc(NULL, len);
+-    (void) nsslibc_memcpy(o->id.data, id, len);
+-    o->id.size = len;
+ 
+     return o;
+
+fail:
+    if (o) {
+        if (o->derCert) {
+            nss_ZFreeIf(o->derCert->data);
+            nss_ZFreeIf(o->derCert);
+        }
+        nss_ZFreeIf(o->id.data);
+        nss_ZFreeIf(o->nickname);
+        nss_ZFreeIf(o);
+    }
+    return NULL;
+ }
+ 
+ pemInternalObject *
+@@ -306,6 +346,8 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objCla
+     /* object not found, we need to create it */
+     pemInternalObject *io = CreateObject(objClass, type, certDER, keyDER,
+                                          filename, objid, slotID);
+    if (io == NULL)
+        return NULL;
+ 
+     io->gobjIndex = count;
+