fix problems encountered in shell script. it appears that "echo nss > passfile" creates a file with 6 bytes on NT using the dos shell. the added bytes were causing problems with password files, which this while loop attempted to fix. however, it broke DER-encoded input that has added whitespace at the end. this checkin returns SECU_FileToItem to it's original state, which blindly accepts whitespace characters at the end of the file.

the second change is forced because SECITEM_AllocItem asserts dst->data == NULL, and many NSS utilities pass uninitialized SECItem's around.  In the future, those should be fixed, but for now zero the output buffer.

1 files changed, 4 insertions, 0 deletions

diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index e8c745495..5e74afadf 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -1053,10 +1053,14 @@ SECU_FileToItem(SECItem *dst, PRFileDesc *src)
 	goto loser;
     }
 
+    /* XXX workaround for 3.1, function needs to take a "chop" arg
     while (buf[numBytes-1] == '\r' || 
            buf[numBytes-1] == '\n' ||
            buf[numBytes-1] == '\0') numBytes--;
+    */
 
+    /* XXX workaround for 3.1, not all utils zero dst before sending */
+    dst->data = 0;
     if (!SECITEM_AllocItem(NULL, dst, numBytes))
 	goto loser;