diff options
| author | nelsonb%netscape.com <devnull@localhost> | 2003-11-25 23:26:39 +0000 |
|---|---|---|
| committer | nelsonb%netscape.com <devnull@localhost> | 2003-11-25 23:26:39 +0000 |
| commit | d8f7a8ca8c7218359623e6989ee5a48a6d1c5c4f (patch) | |
| tree | aa535ec29ed59813ba81fa48a52d9312def5de19 | |
| parent | c75cb22eeccdd88065682303e8ec576b6085f4a8 (diff) | |
| parent | 021146f58014fa1d3368777bfe36eae7363f75cf (diff) | |
| download | nss-hg-d8f7a8ca8c7218359623e6989ee5a48a6d1c5c4f.tar.gz | |
This patch reduces the scope of many variables in cmsutil's decode function. It frees the signer's CN string after use.
Bugscape bug 54021. r=jpierre
| -rw-r--r-- | security/dbm/Makefile | 80 | ||||
| -rw-r--r-- | security/dbm/config/config.mk | 67 | ||||
| -rw-r--r-- | security/dbm/include/Makefile | 76 | ||||
| -rw-r--r-- | security/dbm/include/manifest.mn | 57 | ||||
| -rw-r--r-- | security/dbm/manifest.mn | 45 | ||||
| -rw-r--r-- | security/dbm/src/Makefile | 76 | ||||
| -rw-r--r-- | security/dbm/src/config.mk | 63 | ||||
| -rw-r--r-- | security/dbm/src/dirent.c | 348 | ||||
| -rw-r--r-- | security/dbm/src/dirent.h | 97 | ||||
| -rw-r--r-- | security/dbm/src/manifest.mn | 61 | ||||
| -rw-r--r-- | security/dbm/tests/Makefile | 69 | ||||
| -rw-r--r-- | security/nss/cmd/smimetools/cmsutil.c | 250 | ||||
| -rw-r--r-- | security/nss/lib/pk11wrap/pk11slot.c | 202 | ||||
| -rw-r--r-- | security/nss/lib/smime/cmscipher.c | 1 | ||||
| -rw-r--r-- | security/nss/lib/smime/cmsenvdata.c | 6 | ||||
| -rw-r--r-- | security/nss/lib/smime/cmspubkey.c | 9 | ||||
| -rw-r--r-- | security/nss/lib/util/secasn1d.c | 2 | ||||
| -rw-r--r-- | security/nss/lib/util/secport.c | 5 |
18 files changed, 1341 insertions, 173 deletions
diff --git a/security/dbm/Makefile b/security/dbm/Makefile new file mode 100644 index 000000000..34cd6d899 --- /dev/null +++ b/security/dbm/Makefile @@ -0,0 +1,80 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + + + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + +coreconf_hack: + cd ../coreconf; gmake + gmake import + +RelEng_bld: coreconf_hack + gmake diff --git a/security/dbm/config/config.mk b/security/dbm/config/config.mk new file mode 100644 index 000000000..753364931 --- /dev/null +++ b/security/dbm/config/config.mk @@ -0,0 +1,67 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +# +# These macros are defined by mozilla's configure script. +# We define them manually here. +# + +DEFINES += -DSTDC_HEADERS -DHAVE_STRERROR + +# +# Most platforms have snprintf, so it's simpler to list the exceptions. +# +HAVE_SNPRINTF = 1 +# +# OSF1 V4.0D doesn't have snprintf but V5.0A does. +# +ifeq ($(OS_TARGET)$(OS_RELEASE),OSF1V4.0D) +HAVE_SNPRINTF = +endif +ifdef HAVE_SNPRINTF +DEFINES += -DHAVE_SNPRINTF +endif + +ifeq (,$(filter-out IRIX Linux,$(OS_TARGET))) +DEFINES += -DHAVE_SYS_CDEFS_H +endif + +ifeq (,$(filter-out DGUX NCR ReliantUNIX SCO_SV SCOOS UNIXWARE,$(OS_TARGET))) +DEFINES += -DHAVE_SYS_BYTEORDER_H +endif + +# +# None of the platforms that we are interested in need to +# define HAVE_MEMORY_H. +# diff --git a/security/dbm/include/Makefile b/security/dbm/include/Makefile new file mode 100644 index 000000000..ba4dd8ddf --- /dev/null +++ b/security/dbm/include/Makefile @@ -0,0 +1,76 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + + + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + + diff --git a/security/dbm/include/manifest.mn b/security/dbm/include/manifest.mn new file mode 100644 index 000000000..886fedd98 --- /dev/null +++ b/security/dbm/include/manifest.mn @@ -0,0 +1,57 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = ../.. + +VPATH = $(CORE_DEPTH)/../dbm/include + +MODULE = dbm + +EXPORTS = nsres.h \ + cdefs.h \ + mcom_db.h \ + ncompat.h \ + winfile.h \ + $(NULL) + +PRIVATE_EXPORTS = hsearch.h \ + page.h \ + extern.h \ + ndbm.h \ + queue.h \ + hash.h \ + mpool.h \ + search.h \ + $(NULL) + diff --git a/security/dbm/manifest.mn b/security/dbm/manifest.mn new file mode 100644 index 000000000..11f4f4237 --- /dev/null +++ b/security/dbm/manifest.mn @@ -0,0 +1,45 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = .. + +MODULE = dbm + +IMPORTS = nspr20/v4.1.2 + +RELEASE = dbm + +DIRS = include \ + src \ + $(NULL) diff --git a/security/dbm/src/Makefile b/security/dbm/src/Makefile new file mode 100644 index 000000000..8fce98394 --- /dev/null +++ b/security/dbm/src/Makefile @@ -0,0 +1,76 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +####################################################################### +# (1) Include initial platform-independent assignments (MANDATORY). # +####################################################################### + +include manifest.mn + +####################################################################### +# (2) Include "global" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/config.mk + +####################################################################### +# (3) Include "component" configuration information. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/dbm/config/config.mk + +####################################################################### +# (4) Include "local" platform-dependent assignments (OPTIONAL). # +####################################################################### + +include config.mk + +####################################################################### +# (5) Execute "global" rules. (OPTIONAL) # +####################################################################### + +include $(CORE_DEPTH)/coreconf/rules.mk + +####################################################################### +# (6) Execute "component" rules. (OPTIONAL) # +####################################################################### + + + +####################################################################### +# (7) Execute "local" rules. (OPTIONAL). # +####################################################################### + + + diff --git a/security/dbm/src/config.mk b/security/dbm/src/config.mk new file mode 100644 index 000000000..370fd75d6 --- /dev/null +++ b/security/dbm/src/config.mk @@ -0,0 +1,63 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +DEFINES += -DMEMMOVE -D__DBINTERFACE_PRIVATE $(SECURITY_FLAG) + +INCLUDES += -I$(CORE_DEPTH)/../dbm/include + +# +# Currently, override TARGETS variable so that only static libraries +# are specifed as dependencies within rules.mk. +# + +TARGETS = $(LIBRARY) +SHARED_LIBRARY = +IMPORT_LIBRARY = +PURE_LIBRARY = +PROGRAM = + +ifdef SHARED_LIBRARY + ifeq (,$(filter-out WINNT WIN95 WINCE,$(OS_TARGET))) # list omits WIN16 + DLLBASE=/BASE:0x30000000 + RES=$(OBJDIR)/dbm.res + RESNAME=../include/dbm.rc + endif + ifeq ($(DLL_SUFFIX),dll) + DEFINES += -D_DLL + endif +endif + +ifeq ($(OS_TARGET),AIX) + OS_LIBS += -lc_r +endif diff --git a/security/dbm/src/dirent.c b/security/dbm/src/dirent.c new file mode 100644 index 000000000..001a48c5c --- /dev/null +++ b/security/dbm/src/dirent.c @@ -0,0 +1,348 @@ +#ifdef OS2 + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> + +#include <dirent.h> +#include <errno.h> + +/*#ifndef __EMX__ +#include <libx.h> +#endif */ + +#define INCL_DOSFILEMGR +#define INCL_DOSERRORS +#include <os2.h> + +#if OS2 >= 2 +# define FFBUF FILEFINDBUF3 +# define Word ULONG + /* + * LS20 recommends a request count of 100, but according to the + * APAR text it does not lead to missing files, just to funny + * numbers of returned entries. + * + * LS30 HPFS386 requires a count greater than 2, or some files + * are missing (those starting with a character less that '.'). + * + * Novell looses entries which overflow the buffer. In previous + * versions of dirent2, this could have lead to missing files + * when the average length of 100 directory entries was 40 bytes + * or more (quite unlikely for files on a Novell server). + * + * Conclusion: Make sure that the entries all fit into the buffer + * and that the buffer is large enough for more than 2 entries + * (each entry is at most 300 bytes long). And ignore the LS20 + * effect. + */ +# define Count 25 +# define BufSz (25 * (sizeof(FILEFINDBUF3)+1)) +#else +# define FFBUF FILEFINDBUF +# define Word USHORT +# define BufSz 1024 +# define Count 3 +#endif + +#if defined(__IBMC__) || defined(__IBMCPP__) + #define error(rc) _doserrno = rc, errno = EOS2ERR +#elif defined(MICROSOFT) + #define error(rc) _doserrno = rc, errno = 255 +#else + #define error(rc) errno = 255 +#endif + +struct _dirdescr { + HDIR handle; /* DosFindFirst handle */ + char fstype; /* filesystem type */ + Word count; /* valid entries in <ffbuf> */ + long number; /* absolute number of next entry */ + int index; /* relative number of next entry */ + FFBUF * next; /* pointer to next entry */ + char name[MAXPATHLEN+3]; /* directory name */ + unsigned attrmask; /* attribute mask for seekdir */ + struct dirent entry; /* buffer for directory entry */ + BYTE ffbuf[BufSz]; +}; + +/* + * Return first char of filesystem type, or 0 if unknown. + */ +static char +getFSType(const char *path) +{ + static char cache[1+26]; + char drive[3], info[512]; + Word unit, infolen; + char r; + + if (isalpha(path[0]) && path[1] == ':') { + unit = toupper(path[0]) - '@'; + path += 2; + } else { + ULONG driveMap; +#if OS2 >= 2 + if (DosQueryCurrentDisk(&unit, &driveMap)) +#else + if (DosQCurDisk(&unit, &driveMap)) +#endif + return 0; + } + + if ((path[0] == '\\' || path[0] == '/') + && (path[1] == '\\' || path[1] == '/')) + return 0; + + if (cache [unit]) + return cache [unit]; + + drive[0] = '@' + unit; + drive[1] = ':'; + drive[2] = '\0'; + infolen = sizeof info; +#if OS2 >= 2 + if (DosQueryFSAttach(drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen)) + return 0; + if (infolen >= sizeof(FSQBUFFER2)) { + FSQBUFFER2 *p = (FSQBUFFER2 *)info; + r = p->szFSDName[p->cbName]; + } else +#else + if (DosQFSAttach((PSZ)drive, 0, FSAIL_QUERYNAME, (PVOID)info, &infolen, 0)) + return 0; + if (infolen >= 9) { + char *p = info + sizeof(USHORT); + p += sizeof(USHORT) + *(USHORT *)p + 1 + sizeof(USHORT); + r = *p; + } else +#endif + r = 0; + return cache [unit] = r; +} + +char * +abs_path(const char *name, char *buffer, int len) +{ + char buf[4]; + if (isalpha(name[0]) && name[1] == ':' && name[2] == '\0') { + buf[0] = name[0]; + buf[1] = name[1]; + buf[2] = '.'; + buf[3] = '\0'; + name = buf; + } +#if OS2 >= 2 + if (DosQueryPathInfo((PSZ)name, FIL_QUERYFULLNAME, buffer, len)) +#else + if (DosQPathInfo((PSZ)name, FIL_QUERYFULLNAME, (PBYTE)buffer, len, 0L)) +#endif + return NULL; + return buffer; +} + +DIR * +openxdir(const char *path, unsigned att_mask) +{ + DIR *dir; + char name[MAXPATHLEN+3]; + Word rc; + + dir = malloc(sizeof(DIR)); + if (dir == NULL) { + errno = ENOMEM; + return NULL; + } + + strncpy(name, path, MAXPATHLEN); + name[MAXPATHLEN] = '\0'; + switch (name[strlen(name)-1]) { + default: + strcat(name, "\\"); + case '\\': + case '/': + case ':': + ; + } + strcat(name, "."); + if (!abs_path(name, dir->name, MAXPATHLEN+1)) + strcpy(dir->name, name); + if (dir->name[strlen(dir->name)-1] == '\\') + strcat(dir->name, "*"); + else + strcat(dir->name, "\\*"); + + dir->fstype = getFSType(dir->name); + dir->attrmask = att_mask | A_DIR; + + dir->handle = HDIR_CREATE; + dir->count = 100; +#if OS2 >= 2 + rc = DosFindFirst(dir->name, &dir->handle, dir->attrmask, + dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); +#else + rc = DosFindFirst((PSZ)dir->name, &dir->handle, dir->attrmask, + (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); +#endif + switch (rc) { + default: + free(dir); + error(rc); + return NULL; + case NO_ERROR: + case ERROR_NO_MORE_FILES: + ; + } + + dir->number = 0; + dir->index = 0; + dir->next = (FFBUF *)dir->ffbuf; + + return (DIR *)dir; +} + +DIR * +opendir(const char *pathname) +{ + return openxdir(pathname, 0); +} + +struct dirent * +readdir(DIR *dir) +{ + static int dummy_ino = 2; + + if (dir->index == dir->count) { + Word rc; + dir->count = 100; +#if OS2 >= 2 + rc = DosFindNext(dir->handle, dir->ffbuf, + sizeof dir->ffbuf, &dir->count); +#else + rc = DosFindNext(dir->handle, (PFILEFINDBUF)dir->ffbuf, + sizeof dir->ffbuf, &dir->count); +#endif + if (rc) { + error(rc); + return NULL; + } + + dir->index = 0; + dir->next = (FFBUF *)dir->ffbuf; + } + + if (dir->index == dir->count) + return NULL; + + memcpy(dir->entry.d_name, dir->next->achName, dir->next->cchName); + dir->entry.d_name[dir->next->cchName] = '\0'; + dir->entry.d_ino = dummy_ino++; + dir->entry.d_reclen = dir->next->cchName; + dir->entry.d_namlen = dir->next->cchName; + dir->entry.d_size = dir->next->cbFile; + dir->entry.d_attribute = dir->next->attrFile; + dir->entry.d_time = *(USHORT *)&dir->next->ftimeLastWrite; + dir->entry.d_date = *(USHORT *)&dir->next->fdateLastWrite; + + switch (dir->fstype) { + case 'F': /* FAT */ + case 'C': /* CDFS */ + if (dir->next->attrFile & FILE_DIRECTORY) + strupr(dir->entry.d_name); + else + strlwr(dir->entry.d_name); + } + +#if OS2 >= 2 + dir->next = (FFBUF *)((BYTE *)dir->next + dir->next->oNextEntryOffset); +#else + dir->next = (FFBUF *)((BYTE *)dir->next->achName + dir->next->cchName + 1); +#endif + ++dir->number; + ++dir->index; + + return &dir->entry; +} + +long +telldir(DIR *dir) +{ + return dir->number; +} + +void +seekdir(DIR *dir, long off) +{ + if (dir->number > off) { + char name[MAXPATHLEN+2]; + Word rc; + + DosFindClose(dir->handle); + + strcpy(name, dir->name); + strcat(name, "*"); + + dir->handle = HDIR_CREATE; + dir->count = 32767; +#if OS2 >= 2 + rc = DosFindFirst(name, &dir->handle, dir->attrmask, + dir->ffbuf, sizeof dir->ffbuf, &dir->count, FIL_STANDARD); +#else + rc = DosFindFirst((PSZ)name, &dir->handle, dir->attrmask, + (PFILEFINDBUF)dir->ffbuf, sizeof dir->ffbuf, &dir->count, 0); +#endif + switch (rc) { + default: + error(rc); + return; + case NO_ERROR: + case ERROR_NO_MORE_FILES: + ; + } + + dir->number = 0; + dir->index = 0; + dir->next = (FFBUF *)dir->ffbuf; + } + + while (dir->number < off && readdir(dir)) + ; +} + +void +closedir(DIR *dir) +{ + DosFindClose(dir->handle); + free(dir); +} + +/*****************************************************************************/ + +#ifdef TEST + +main(int argc, char **argv) +{ + int i; + DIR *dir; + struct dirent *ep; + + for (i = 1; i < argc; ++i) { + dir = opendir(argv[i]); + if (!dir) + continue; + while (ep = readdir(dir)) + if (strchr("\\/:", argv[i] [strlen(argv[i]) - 1])) + printf("%s%s\n", argv[i], ep->d_name); + else + printf("%s/%s\n", argv[i], ep->d_name); + closedir(dir); + } + + return 0; +} + +#endif + +#endif /* OS2 */ + diff --git a/security/dbm/src/dirent.h b/security/dbm/src/dirent.h new file mode 100644 index 000000000..07a6c0ac8 --- /dev/null +++ b/security/dbm/src/dirent.h @@ -0,0 +1,97 @@ +#ifndef __DIRENT_H__ +#define __DIRENT_H__ +/* + * @(#)msd_dir.h 1.4 87/11/06 Public Domain. + * + * A public domain implementation of BSD directory routines for + * MS-DOS. Written by Michael Rendell ({uunet,utai}michael@garfield), + * August 1897 + * + * Extended by Peter Lim (lim@mullian.oz) to overcome some MS DOS quirks + * and returns 2 more pieces of information - file size & attribute. + * Plus a little reshuffling of some #define's positions December 1987 + * + * Some modifications by Martin Junius 02-14-89 + * + * AK900712 + * AK910410 abs_path - make absolute path + * + */ + +#ifdef __EMX__ +#include <sys/param.h> +#else +#if defined(__IBMC__) || defined(__IBMCPP__) || defined(XP_W32_MSVC) +#include <stdio.h> +#ifdef MAXPATHLEN + #undef MAXPATHLEN +#endif +#define MAXPATHLEN (FILENAME_MAX*4) +#define MAXNAMLEN FILENAME_MAX + +#else +#include <param.h> +#endif +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +/* attribute stuff */ +#ifndef A_RONLY +# define A_RONLY 0x01 +# define A_HIDDEN 0x02 +# define A_SYSTEM 0x04 +# define A_LABEL 0x08 +# define A_DIR 0x10 +# define A_ARCHIVE 0x20 +#endif + +struct dirent { +#if defined(OS2) || defined(WIN32) /* use the layout of EMX to avoid trouble */ + int d_ino; /* Dummy */ + int d_reclen; /* Dummy, same as d_namlen */ + int d_namlen; /* length of name */ + char d_name[MAXNAMLEN + 1]; + unsigned long d_size; + unsigned short d_attribute; /* attributes (see above) */ + unsigned short d_time; /* modification time */ + unsigned short d_date; /* modification date */ +#else + char d_name[MAXNAMLEN + 1]; /* garentee null termination */ + char d_attribute; /* .. extension .. */ + unsigned long d_size; /* .. extension .. */ +#endif +}; + +typedef struct _dirdescr DIR; +/* the structs do not have to be defined here */ + +extern DIR *opendir(const char *); +extern DIR *openxdir(const char *, unsigned); +extern struct dirent *readdir(DIR *); +extern void seekdir(DIR *, long); +extern long telldir(DIR *); +extern void closedir(DIR *); +#define rewinddir(dirp) seekdir(dirp, 0L) + +extern char * abs_path(const char *name, char *buffer, int len); + +#ifndef S_IFMT +#define S_IFMT ( S_IFDIR | S_IFREG ) +#endif + +#ifndef S_ISDIR +#define S_ISDIR( m ) (((m) & S_IFMT) == S_IFDIR) +#endif + +#ifndef S_ISREG +#define S_ISREG( m ) (((m) & S_IFMT) == S_IFREG) +#endif + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/security/dbm/src/manifest.mn b/security/dbm/src/manifest.mn new file mode 100644 index 000000000..80f2abfd0 --- /dev/null +++ b/security/dbm/src/manifest.mn @@ -0,0 +1,61 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# + +CORE_DEPTH = ../.. + +VPATH = $(CORE_DEPTH)/../dbm/src + +MODULE = dbm + +# +# memmove.c, snprintf.c, and strerror.c are not in CSRCS because +# the Standard C Library has memmove and strerror and DBM is not +# using snprintf. +# + +CSRCS = db.c \ + h_bigkey.c \ + h_func.c \ + h_log2.c \ + h_page.c \ + hash.c \ + hash_buf.c \ + hsearch.c \ + mktemp.c \ + ndbm.c \ + nsres.c \ + dirent.c \ + $(NULL) + +LIBRARY_NAME = dbm diff --git a/security/dbm/tests/Makefile b/security/dbm/tests/Makefile new file mode 100644 index 000000000..fe132e19c --- /dev/null +++ b/security/dbm/tests/Makefile @@ -0,0 +1,69 @@ +#! gmake +# +# The contents of this file are subject to the Mozilla Public +# License Version 1.1 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of +# the License at http://www.mozilla.org/MPL/ +# +# Software distributed under the License is distributed on an "AS +# IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or +# implied. See the License for the specific language governing +# rights and limitations under the License. +# +# The Original Code is the Netscape security libraries. +# +# The Initial Developer of the Original Code is Netscape +# Communications Corporation. Portions created by Netscape are +# Copyright (C) 1994-2000 Netscape Communications Corporation. All +# Rights Reserved. +# +# Contributor(s): +# +# Alternatively, the contents of this file may be used under the +# terms of the GNU General Public License Version 2 or later (the +# "GPL"), in which case the provisions of the GPL are applicable +# instead of those above. If you wish to allow use of your +# version of this file only under the terms of the GPL and not to +# allow others to use your version of this file under the MPL, +# indicate your decision by deleting the provisions above and +# replace them with the notice and other provisions required by +# the GPL. If you do not delete the provisions above, a recipient +# may use your version of this file under either the MPL or the +# GPL. +# +DEPTH = ../.. +CORE_DEPTH = ../.. + +VPATH = $(CORE_DEPTH)/../dbm/tests + +MODULE = dbm + +CSRCS = lots.c + +PROGRAM = lots + +include $(DEPTH)/coreconf/config.mk + +include $(DEPTH)/dbm/config/config.mk + +ifeq (,$(filter-out WIN%,$(OS_TARGET))) +LIBDBM = ../src/$(PLATFORM)/dbm$(STATIC_LIB_SUFFIX) +else +LIBDBM = ../src/$(PLATFORM)/libdbm$(STATIC_LIB_SUFFIX) +endif + +INCLUDES += -I$(CORE_DEPTH)/../dbm/include + +LDFLAGS = $(LDOPTS) $(LIBDBM) + +include $(DEPTH)/coreconf/rules.mk + +lots.pure: lots + purify $(CC) -o lots.pure $(CFLAGS) $(OBJS) $(MYLIBS) + +crash: crash.o $(MYLIBS) + $(CC) -o crash $(CFLAGS) $^ + +crash.pure: crash.o $(MYLIBS) + purify $(CC) -o crash.pure $(CFLAGS) $^ + diff --git a/security/nss/cmd/smimetools/cmsutil.c b/security/nss/cmd/smimetools/cmsutil.c index 6b7a06b21..aacaaaa19 100644 --- a/security/nss/cmd/smimetools/cmsutil.c +++ b/security/nss/cmd/smimetools/cmsutil.c @@ -105,6 +105,7 @@ Usage(char *progName) "Usage: %s [-C|-D|-E|-O|-S] [<options>] [-d dbdir] [-u certusage]\n" " -C create a CMS encrypted data message\n" " -D decode a CMS message\n" +" -b decode a batch of files named in infile\n" " -c content use this detached content\n" " -n suppress output of content\n" " -h num display num levels of CMS message info as email headers\n" @@ -155,7 +156,7 @@ struct optionsStr { struct decodeOptionsStr { struct optionsStr *options; - PRFileDesc *contentFile; + SECItem content; int headerLevel; PRBool suppressContent; NSSCMSGetDecryptKeyCallback dkcb; @@ -195,22 +196,14 @@ struct encryptOptionsStr { }; static NSSCMSMessage * -decode(FILE *out, SECItem *output, SECItem *input, - const struct decodeOptionsStr *decodeOptions) +decode(FILE *out, SECItem *input, const struct decodeOptionsStr *decodeOptions) { NSSCMSDecoderContext *dcx; NSSCMSMessage *cmsg; - NSSCMSContentInfo *cinfo; - NSSCMSSignedData *sigd = NULL; - NSSCMSEnvelopedData *envd; - NSSCMSEncryptedData *encd; - int nlevels, i, nsigners, j; - char *signercn; - NSSCMSSignerInfo *si; - SECOidTag typetag; - SECItem **digests; + int nlevels, i; SECItem sitem = { 0, 0, 0 }; + PORT_SetError(0); dcx = NSS_CMSDecoder_Start(NULL, NULL, NULL, /* content callback */ pwcb, pwcb_arg, /* password callback */ @@ -230,6 +223,9 @@ decode(FILE *out, SECItem *output, SECItem *input, nlevels = NSS_CMSMessage_ContentLevelCount(cmsg); for (i = 0; i < nlevels; i++) { + NSSCMSContentInfo *cinfo; + SECOidTag typetag; + cinfo = NSS_CMSMessage_ContentLevel(cmsg, i); typetag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); @@ -238,25 +234,28 @@ decode(FILE *out, SECItem *output, SECItem *input, switch (typetag) { case SEC_OID_PKCS7_SIGNED_DATA: + { + NSSCMSSignedData *sigd = NULL; + SECItem **digests; + int nsigners; + int j; + if (decodeOptions->headerLevel >= 0) fprintf(out, "type=signedData; "); sigd = (NSSCMSSignedData *)NSS_CMSContentInfo_GetContent(cinfo); if (sigd == NULL) { - SECU_PrintError(progName, - "problem finding signedData component"); + SECU_PrintError(progName, "signedData component missing"); goto loser; } /* if we have a content file, but no digests for this signedData */ - if (decodeOptions->contentFile != NULL && + if (decodeOptions->content.data != NULL && !NSS_CMSSignedData_HasDigests(sigd)) { PLArenaPool *poolp; SECAlgorithmID **digestalgs; /* detached content: grab content file */ - if (!sitem.data) { - SECU_FileToItem(&sitem, decodeOptions->contentFile); - } + sitem = decodeOptions->content; if ((poolp = PORT_NewArena(1024)) == NULL) { fprintf(stderr, "cmsutil: Out of memory.\n"); @@ -318,16 +317,23 @@ decode(FILE *out, SECItem *output, SECItem *input, } for (j = 0; j < nsigners; j++) { - SECStatus bad; - NSSCMSVerificationStatus vs; const char * svs; + NSSCMSSignerInfo *si; + NSSCMSVerificationStatus vs; + SECStatus bad; si = NSS_CMSSignedData_GetSignerInfo(sigd, j); - signercn = NSS_CMSSignerInfo_GetSignerCommonName(si); - if (signercn == NULL) - signercn = ""; - if (decodeOptions->headerLevel >= 0) + if (decodeOptions->headerLevel >= 0) { + char *signercn; + static char empty[] = { "" }; + + signercn = NSS_CMSSignerInfo_GetSignerCommonName(si); + if (signercn == NULL) + signercn = empty; fprintf(out, "\n\t\tsigner%d.id=\"%s\"; ", j, signercn); + if (signercn != empty) + PORT_Free(signercn); + } bad = NSS_CMSSignedData_VerifySignerInfo(sigd, j, decodeOptions->options->certHandle, decodeOptions->options->certUsage); @@ -341,17 +347,32 @@ decode(FILE *out, SECItem *output, SECItem *input, goto loser; } } - break; + } + break; case SEC_OID_PKCS7_ENVELOPED_DATA: + { + NSSCMSEnvelopedData *envd; if (decodeOptions->headerLevel >= 0) fprintf(out, "type=envelopedData; "); envd = (NSSCMSEnvelopedData *)NSS_CMSContentInfo_GetContent(cinfo); - break; + if (envd == NULL) { + SECU_PrintError(progName, "envelopedData component missing"); + goto loser; + } + } + break; case SEC_OID_PKCS7_ENCRYPTED_DATA: + { + NSSCMSEncryptedData *encd; if (decodeOptions->headerLevel >= 0) fprintf(out, "type=encryptedData; "); encd = (NSSCMSEncryptedData *)NSS_CMSContentInfo_GetContent(cinfo); - break; + if (encd == NULL) { + SECU_PrintError(progName, "encryptedData component missing"); + goto loser; + } + } + break; case SEC_OID_PKCS7_DATA: if (decodeOptions->headerLevel >= 0) fprintf(out, "type=data; "); @@ -363,11 +384,12 @@ decode(FILE *out, SECItem *output, SECItem *input, fprintf(out, "\n"); } - if (!decodeOptions->suppressContent) { - SECItem *item = (sitem.data) - ? &sitem - : NSS_CMSMessage_GetContent(cmsg); - SECITEM_CopyItem(NULL, output, item); + if (!decodeOptions->suppressContent && out) { + SECItem *item = (sitem.data ? &sitem + : NSS_CMSMessage_GetContent(cmsg)); + if (item && item->data && item->len) { + fwrite(item->data, item->len, 1, out); + } } return cmsg; @@ -953,8 +975,87 @@ loser: return NULL; } +static char * +pl_fgets(char * buf, int size, PRFileDesc * fd) +{ + char * bp = buf; + int nb = 0;; + + while (size > 1) { + nb = PR_Read(fd, bp, 1); + if (nb < 0) { + /* deal with error */ + return NULL; + } else if (nb == 0) { + /* deal with EOF */ + return NULL; + } else if (*bp == '\n') { + /* deal with EOL */ + ++bp; /* keep EOL character */ + break; + } else { + /* ordinary character */ + ++bp; + --size; + } + } + *bp = '\0'; + return buf; +} + typedef enum { UNKNOWN, DECODE, SIGN, ENCRYPT, ENVELOPE, CERTSONLY } Mode; +static int +doBatchDecode(FILE *outFile, PRFileDesc *batchFile, + const struct decodeOptionsStr *decodeOptions) +{ + char * str; + int exitStatus = 0; + char batchLine[512]; + + while (NULL != (str = pl_fgets(batchLine, sizeof batchLine, batchFile))) { + NSSCMSMessage *cmsg = NULL; + PRFileDesc * inFile; + int len = strlen(str); + SECStatus rv; + SECItem input = {0, 0, 0}; + char cc; + + while (len > 0 && + ((cc = str[len - 1]) == '\n' || cc == '\r')) { + str[--len] = '\0'; + } + if (!len) /* skip empty line */ + continue; + if (str[0] == '#') + continue; /* skip comment line */ + fprintf(outFile, "========== %s ==========\n", str); + inFile = PR_Open(str, PR_RDONLY, 00660); + if (inFile == NULL) { + fprintf(outFile, "%s: unable to open \"%s\" for reading\n", + progName, str); + exitStatus = 1; + continue; + } + rv = SECU_FileToItem(&input, inFile); + PR_Close(inFile); + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to read infile"); + exitStatus = 1; + continue; + } + cmsg = decode(outFile, &input, decodeOptions); + SECITEM_FreeItem(&input, PR_FALSE); + if (cmsg) + NSS_CMSMessage_Destroy(cmsg); + else { + SECU_PrintError(progName, "problem decoding"); + exitStatus = 1; + } + } + return exitStatus; +} + int main(int argc, char **argv) { @@ -976,10 +1077,10 @@ main(int argc, char **argv) char *str, *tok; char *envFileName; SECItem input = { 0, 0, 0}; - SECItem output = { 0, 0, 0}; - SECItem dummy = { 0, 0, 0 }; SECItem envmsg = { 0, 0, 0 }; SECStatus rv; + PRFileDesc *contentFile = NULL; + PRBool batch = PR_FALSE; progName = strrchr(argv[0], '/'); if (!progName) @@ -990,7 +1091,8 @@ main(int argc, char **argv) outFile = stdout; envFileName = NULL; mode = UNKNOWN; - decodeOptions.contentFile = NULL; + decodeOptions.content.data = NULL; + decodeOptions.content.len = 0; decodeOptions.suppressContent = PR_FALSE; decodeOptions.headerLevel = -1; options.certUsage = certUsageEmailSigner; @@ -1013,7 +1115,7 @@ main(int argc, char **argv) * Parse command line arguments */ optstate = PL_CreateOptState(argc, argv, - "CDEGH:N:OPSTY:c:d:e:h:i:no:p:r:s:u:v"); + "CDEGH:N:OPSTY:bc:d:e:h:i:no:p:r:s:u:v"); while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { switch (optstate->option) { case 'C': @@ -1112,6 +1214,17 @@ main(int argc, char **argv) signOptions.encryptionKeyPreferenceNick = strdup(optstate->value); break; + case 'b': + if (mode != DECODE) { + fprintf(stderr, + "%s: option -b only supported with option -D.\n", + progName); + Usage(progName); + exit(1); + } + batch = PR_TRUE; + break; + case 'c': if (mode != DECODE) { fprintf(stderr, @@ -1120,12 +1233,25 @@ main(int argc, char **argv) Usage(progName); exit(1); } - if ((decodeOptions.contentFile = - PR_Open(optstate->value, PR_RDONLY, 006600)) == NULL) { + contentFile = PR_Open(optstate->value, PR_RDONLY, 006600); + if (contentFile == NULL) { fprintf(stderr, "%s: unable to open \"%s\" for reading.\n", progName, optstate->value); exit(1); } + + rv = SECU_FileToItem(&decodeOptions.content, contentFile); + PR_Close(contentFile); + if (rv != SECSuccess) { + SECU_PrintError(progName, "problem reading content file"); + exit(1); + } + if (!decodeOptions.content.data) { + /* file was zero length */ + decodeOptions.content.data = (unsigned char *)PORT_Strdup(""); + decodeOptions.content.len = 0; + } + break; case 'd': SECU_ConfigDirectory(optstate->value); @@ -1227,10 +1353,16 @@ main(int argc, char **argv) if (mode == UNKNOWN) Usage(progName); - if (mode != CERTSONLY) - SECU_FileToItem(&input, inFile); - if (inFile != PR_STDIN) - PR_Close(inFile); + if (mode != CERTSONLY && !batch) { + rv = SECU_FileToItem(&input, inFile); + if (rv != SECSuccess) { + SECU_PrintError(progName, "unable to read infile"); + exit(1); + } + if (inFile != PR_STDIN) { + PR_Close(inFile); + } + } if (cms_verbose) { fprintf(stderr, "received commands\n"); } @@ -1289,8 +1421,7 @@ main(int argc, char **argv) */ SECU_FileToItem(&envmsg, encryptOptions.envFile); decodeOptions.options = &options; - encryptOptions.envmsg = decode(NULL, &dummy, &envmsg, - &decodeOptions); + encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions); if (!encryptOptions.envmsg) { SECU_PrintError(progName, "problem decoding env msg"); exitstatus = 1; @@ -1300,12 +1431,18 @@ main(int argc, char **argv) decodeOptions.dkcb = dkcb; decodeOptions.bulkkey = encryptOptions.bulkkey; } - cmsg = decode(outFile, &output, &input, &decodeOptions); - if (!cmsg) { - SECU_PrintError(progName, "problem decoding"); - exitstatus = 1; + if (!batch) { + cmsg = decode(outFile, &input, &decodeOptions); + if (!cmsg) { + SECU_PrintError(progName, "problem decoding"); + exitstatus = 1; + } + } else { + exitstatus = doBatchDecode(outFile, inFile, &decodeOptions); + if (inFile != PR_STDIN) { + PR_Close(inFile); + } } - fwrite(output.data, output.len, 1, outFile); break; case SIGN: /* -S */ signOptions.options = &options; @@ -1338,8 +1475,7 @@ main(int argc, char **argv) } else { SECU_FileToItem(&envmsg, encryptOptions.envFile); decodeOptions.options = &options; - encryptOptions.envmsg = decode(NULL, &dummy, &envmsg, - &decodeOptions); + encryptOptions.envmsg = decode(NULL, &envmsg, &decodeOptions); if (encryptOptions.envmsg == NULL) { SECU_PrintError(progName, "problem decrypting env msg"); exitstatus = 1; @@ -1433,7 +1569,6 @@ main(int argc, char **argv) if (cms_verbose) { fprintf(stderr, "encoding passed\n"); } - /*PR_Write(output.data, output.len);*/ fwrite(output.data, output.len, 1, outFile); if (cms_verbose) { fprintf(stderr, "wrote to file\n"); @@ -1445,10 +1580,13 @@ main(int argc, char **argv) if (outFile != stdout) fclose(outFile); - if (decodeOptions.contentFile) - PR_Close(decodeOptions.contentFile); + SECITEM_FreeItem(&decodeOptions.content, PR_FALSE); + SECITEM_FreeItem(&envmsg, PR_FALSE); + SECITEM_FreeItem(&input, PR_FALSE); if (NSS_Shutdown() != SECSuccess) { - exit(1); + SECU_PrintError(progName, "NSS_Shutdown failed"); + exitstatus = 1; } - exit(exitstatus); + PR_Cleanup(); + return exitstatus; } diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c index 7533f61c6..d5a2f6f5d 100644 --- a/security/nss/lib/pk11wrap/pk11slot.c +++ b/security/nss/lib/pk11wrap/pk11slot.c @@ -2852,11 +2852,10 @@ PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key, if (size > tableSize) { int oldTableSize = tableSize; tableSize += 10; - newt = (pk11MechanismData *) - PORT_Alloc(tableSize*sizeof(pk11MechanismData)); + newt = PORT_NewArray(pk11MechanismData, tableSize); if (newt == NULL) return; - if (old) PORT_Memcpy(newt,old,oldTableSize*sizeof(pk11MechanismData)); + if (old) PORT_Memcpy(newt, old, oldTableSize*sizeof(*newt)); } else old = NULL; newt[entry].type = type; @@ -2936,6 +2935,8 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len) case CKM_AES_MAC_GENERAL: case CKM_AES_CBC_PAD: case CKM_AES_KEY_GEN: + case CKM_NETSCAPE_AES_KEY_WRAP: + case CKM_NETSCAPE_AES_KEY_WRAP_PAD: return CKK_AES; case CKM_DES_ECB: case CKM_DES_CBC: @@ -3768,120 +3769,109 @@ static unsigned long rc2_unmap(unsigned long x) SECItem * PK11_ParamFromAlgid(SECAlgorithmID *algid) { - CK_RC2_CBC_PARAMS *rc2_params = NULL; - CK_RC2_PARAMS *rc2_ecb_params = NULL; - CK_RC5_CBC_PARAMS *rc5_params_cbc; - CK_RC5_PARAMS *rc5_params_ecb; - SECItem iv; - sec_rc2cbcParameter rc2; - sec_rc5cbcParameter rc5; - SECItem *mech; - CK_MECHANISM_TYPE type; - SECOidTag algtag; - SECStatus rv; + CK_RC2_CBC_PARAMS * rc2_cbc_params = NULL; + CK_RC2_PARAMS * rc2_ecb_params = NULL; + CK_RC5_CBC_PARAMS * rc5_cbc_params = NULL; + CK_RC5_PARAMS * rc5_ecb_params = NULL; + PRArenaPool * arena = NULL; + SECItem * mech = NULL; + SECOidTag algtag; + SECStatus rv; + CK_MECHANISM_TYPE type; + /* initialize these to prevent UMRs in the ASN1 decoder. */ + SECItem iv = {siBuffer, NULL, 0}; + sec_rc2cbcParameter rc2 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0} }; + sec_rc5cbcParameter rc5 = { {siBuffer, NULL, 0}, {siBuffer, NULL, 0}, + {siBuffer, NULL, 0}, {siBuffer, NULL, 0} }; algtag = SECOID_GetAlgorithmTag(algid); type = PK11_AlgtagToMechanism(algtag); - mech = (SECItem *) PORT_Alloc(sizeof(SECItem)); - if (mech == NULL) return NULL; + mech = PORT_New(SECItem); + if (mech == NULL) { + return NULL; + } mech->type = siBuffer; + mech->data = NULL; + mech->len = 0; + arena = PORT_NewArena(1024); + if (!arena) { + goto loser; + } /* handle the complicated cases */ switch (type) { case CKM_RC2_ECB: - rv = SEC_ASN1DecodeItem(NULL, &rc2 ,sec_rc2ecb_parameter_template, + rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2ecb_parameter_template, &(algid->parameters)); if (rv != SECSuccess) { - PORT_Free(mech); - return NULL; + goto loser; } - rc2_ecb_params = (CK_RC2_PARAMS *)PORT_Alloc(sizeof(CK_RC2_PARAMS)); + rc2_ecb_params = PORT_New(CK_RC2_PARAMS); if (rc2_ecb_params == NULL) { - PORT_Free(rc2.rc2ParameterVersion.data); - PORT_Free(mech); - return NULL; + goto loser; } *rc2_ecb_params = rc2_map(&rc2.rc2ParameterVersion); - PORT_Free(rc2.rc2ParameterVersion.data); mech->data = (unsigned char *) rc2_ecb_params; - mech->len = sizeof(CK_RC2_PARAMS); - return mech; + mech->len = sizeof *rc2_ecb_params; + break; case CKM_RC2_CBC: case CKM_RC2_CBC_PAD: - rv = SEC_ASN1DecodeItem(NULL, &rc2 ,sec_rc2cbc_parameter_template, + rv = SEC_ASN1DecodeItem(arena, &rc2 ,sec_rc2cbc_parameter_template, &(algid->parameters)); if (rv != SECSuccess) { - PORT_Free(mech); - return NULL; + goto loser; } - rc2_params = (CK_RC2_CBC_PARAMS *)PORT_Alloc(sizeof(CK_RC2_CBC_PARAMS)); - if (rc2_params == NULL) { - PORT_Free(rc2.iv.data); - PORT_Free(rc2.rc2ParameterVersion.data); - PORT_Free(mech); - return NULL; + rc2_cbc_params = PORT_New(CK_RC2_CBC_PARAMS); + if (rc2_cbc_params == NULL) { + goto loser; } - rc2_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion); - PORT_Free(rc2.rc2ParameterVersion.data); - PORT_Memcpy(rc2_params->iv,rc2.iv.data,sizeof(rc2_params->iv)); - PORT_Free(rc2.iv.data); - mech->data = (unsigned char *) rc2_params; - mech->len = sizeof(CK_RC2_CBC_PARAMS); - return mech; + mech->data = (unsigned char *) rc2_cbc_params; + mech->len = sizeof *rc2_cbc_params; + rc2_cbc_params->ulEffectiveBits = rc2_map(&rc2.rc2ParameterVersion); + if (rc2.iv.len != sizeof rc2_cbc_params->iv) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + goto loser; + } + PORT_Memcpy(rc2_cbc_params->iv, rc2.iv.data, rc2.iv.len); + break; case CKM_RC5_ECB: - rv = SEC_ASN1DecodeItem(NULL, &rc5 ,sec_rc5ecb_parameter_template, + rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5ecb_parameter_template, &(algid->parameters)); if (rv != SECSuccess) { - PORT_Free(mech); - return NULL; + goto loser; } - rc5_params_ecb=(CK_RC5_PARAMS *)PORT_Alloc(sizeof(CK_RC5_PARAMS)); - PORT_Free(rc5.version.data); - if (rc5_params_ecb == NULL) { - PORT_Free(rc5.rounds.data); - PORT_Free(rc5.blockSizeInBits.data); - PORT_Free(mech); - return NULL; + rc5_ecb_params = PORT_New(CK_RC5_PARAMS); + if (rc5_ecb_params == NULL) { + goto loser; } - rc5_params_ecb->ulRounds = DER_GetInteger(&rc5.rounds); - rc5_params_ecb->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8; - PORT_Free(rc5.rounds.data); - PORT_Free(rc5.blockSizeInBits.data); - mech->data = (unsigned char *) rc5_params_ecb; - mech->len = sizeof(CK_RC5_PARAMS); - return mech; + rc5_ecb_params->ulRounds = DER_GetInteger(&rc5.rounds); + rc5_ecb_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8; + mech->data = (unsigned char *) rc5_ecb_params; + mech->len = sizeof *rc5_ecb_params; + break; case CKM_RC5_CBC: case CKM_RC5_CBC_PAD: - rv = SEC_ASN1DecodeItem(NULL, &rc5 ,sec_rc5cbc_parameter_template, + rv = SEC_ASN1DecodeItem(arena, &rc5 ,sec_rc5cbc_parameter_template, &(algid->parameters)); if (rv != SECSuccess) { - PORT_Free(mech); - return NULL; + goto loser; } - rc5_params_cbc = (CK_RC5_CBC_PARAMS *) + rc5_cbc_params = (CK_RC5_CBC_PARAMS *) PORT_Alloc(sizeof(CK_RC5_CBC_PARAMS) + rc5.iv.len); - PORT_Free(rc5.version.data); - if (rc2_params == NULL) { - PORT_Free(rc5.iv.data); - PORT_Free(rc5.rounds.data); - PORT_Free(rc5.blockSizeInBits.data); - PORT_Free(mech); - return NULL; + if (rc5_cbc_params == NULL) { + goto loser; } - rc5_params_cbc->ulRounds = DER_GetInteger(&rc5.rounds); - rc5_params_cbc->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8; - PORT_Free(rc5.rounds.data); - PORT_Free(rc5.blockSizeInBits.data); - rc5_params_cbc->pIv = ((CK_BYTE_PTR)rc5_params_cbc) + mech->data = (unsigned char *) rc5_cbc_params; + mech->len = sizeof *rc5_cbc_params; + rc5_cbc_params->ulRounds = DER_GetInteger(&rc5.rounds); + rc5_cbc_params->ulWordsize = DER_GetInteger(&rc5.blockSizeInBits)/8; + rc5_cbc_params->pIv = ((CK_BYTE_PTR)rc5_cbc_params) + sizeof(CK_RC5_CBC_PARAMS); - PORT_Memcpy(rc5_params_cbc->pIv,rc5.iv.data,rc5.iv.len); - rc5_params_cbc->ulIvLen = rc5.iv.len; - PORT_Free(rc5.iv.data); - mech->data = (unsigned char *) rc5_params_cbc; - mech->len = sizeof(CK_RC5_CBC_PARAMS); - return mech; + rc5_cbc_params->ulIvLen = rc5.iv.len; + PORT_Memcpy(rc5_cbc_params->pIv, rc5.iv.data, rc5.iv.len); + break; case CKM_PBE_MD2_DES_CBC: case CKM_PBE_MD5_DES_CBC: case CKM_NETSCAPE_PBE_SHA1_DES_CBC: @@ -3899,25 +3889,9 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid) case CKM_PBE_SHA1_RC4_128: rv = pbe_PK11AlgidToParam(algid,mech); if (rv != SECSuccess) { - PORT_Free(mech); - return NULL; + goto loser; } - return mech; - default: - /* must be a simple case */ break; - } - - /* simple cases are simpley Octect encoded IV's */ - rv = SEC_ASN1DecodeItem(NULL, &iv, SEC_OctetStringTemplate, - &(algid->parameters)); - if (rv != SECSuccess) { - iv.data = NULL; - iv.len = 0; - } - - rv = SECSuccess; - switch (type) { case CKM_RC4: case CKM_AES_ECB: case CKM_DES_ECB: @@ -3927,15 +3901,13 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid) case CKM_CAST_ECB: case CKM_CAST3_ECB: case CKM_CAST5_ECB: - mech->data = NULL; - mech->len = 0; break; + default: if (pk11_lookup(type)->iv == 0) { - mech->data = NULL; - mech->len = 0; break; } + /* FALL THROUGH */ case CKM_AES_CBC: case CKM_DES_CBC: case CKM_DES3_CBC: @@ -3968,25 +3940,29 @@ PK11_ParamFromAlgid(SECAlgorithmID *algid) case CKM_JUNIPER_CBC128: case CKM_JUNIPER_COUNTER: case CKM_JUNIPER_SHUFFLE: - if (iv.data == NULL) { - rv = SECFailure; - break; + /* simple cases are simply octet string encoded IVs */ + rv = SEC_ASN1DecodeItem(arena, &iv, SEC_OctetStringTemplate, + &(algid->parameters)); + if (rv != SECSuccess || iv.data == NULL) { + goto loser; } + /* XXX Should be some IV length sanity check here. */ mech->data = (unsigned char*)PORT_Alloc(iv.len); if (mech->data == NULL) { - rv = SECFailure; - break; + goto loser; } - PORT_Memcpy(mech->data,iv.data,iv.len); + PORT_Memcpy(mech->data, iv.data, iv.len); mech->len = iv.len; break; } - if (iv.data) PORT_Free(iv.data); - if (rv != SECSuccess) { - SECITEM_FreeItem(mech,PR_TRUE); - return NULL; - } + PORT_FreeArena(arena, PR_FALSE); return mech; + +loser: + if (arena) + PORT_FreeArena(arena, PR_FALSE); + SECITEM_FreeItem(mech,PR_TRUE); + return NULL; } SECStatus diff --git a/security/nss/lib/smime/cmscipher.c b/security/nss/lib/smime/cmscipher.c index 6d73beaff..71cd9682a 100644 --- a/security/nss/lib/smime/cmscipher.c +++ b/security/nss/lib/smime/cmscipher.c @@ -507,7 +507,6 @@ NSS_CMSCipherContext_Decrypt(NSSCMSCipherContext *cc, unsigned char *output, * If we do not, there is something wrong, either with our own * logic or with (length of) the data given to us. */ - PORT_Assert ((padsize == 0) || (pcount % padsize) == 0); if ((padsize != 0) && (pcount % padsize) != 0) { PORT_Assert (final); PORT_SetError (SEC_ERROR_BAD_DATA); diff --git a/security/nss/lib/smime/cmsenvdata.c b/security/nss/lib/smime/cmsenvdata.c index 111ada533..87a795ad5 100644 --- a/security/nss/lib/smime/cmsenvdata.c +++ b/security/nss/lib/smime/cmsenvdata.c @@ -360,7 +360,11 @@ NSS_CMSEnvelopedData_Decode_BeforeData(NSSCMSEnvelopedData *envd) cinfo = &(envd->contentInfo); bulkalgtag = NSS_CMSContentInfo_GetContentEncAlgTag(cinfo); - bulkkey = NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient->subIndex, + if (bulkalgtag == SEC_OID_UNKNOWN) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + } else + bulkkey = + NSS_CMSRecipientInfo_UnwrapBulkKey(ri,recipient->subIndex, recipient->cert, recipient->privkey, bulkalgtag); diff --git a/security/nss/lib/smime/cmspubkey.c b/security/nss/lib/smime/cmspubkey.c index 1cf0336e4..10eee8155 100644 --- a/security/nss/lib/smime/cmspubkey.c +++ b/security/nss/lib/smime/cmspubkey.c @@ -128,7 +128,14 @@ PK11SymKey * NSS_CMSUtil_DecryptSymKey_RSA(SECKEYPrivateKey *privkey, SECItem *encKey, SECOidTag bulkalgtag) { /* that's easy */ - return PK11_PubUnwrapSymKey(privkey, encKey, PK11_AlgtagToMechanism(bulkalgtag), CKA_DECRYPT, 0); + CK_MECHANISM_TYPE target; + PORT_Assert(bulkalgtag != SEC_OID_UNKNOWN); + target = PK11_AlgtagToMechanism(bulkalgtag); + if (bulkalgtag == SEC_OID_UNKNOWN || target == CKM_INVALID_MECHANISM) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return NULL; + } + return PK11_PubUnwrapSymKey(privkey, encKey, target, CKA_DECRYPT, 0); } /* ====== MISSI (Fortezza) ========================================================== */ diff --git a/security/nss/lib/util/secasn1d.c b/security/nss/lib/util/secasn1d.c index 965fa702d..2663abd3b 100644 --- a/security/nss/lib/util/secasn1d.c +++ b/security/nss/lib/util/secasn1d.c @@ -959,7 +959,7 @@ sec_asn1d_parse_more_length (sec_asn1d_state *state, count = 0; while (len && state->pending) { - if (HIGH_BITS (state->contents_length, 8) != 0) { + if (HIGH_BITS (state->contents_length, 9) != 0) { /* * The given full content length overflows our container; * just give up. diff --git a/security/nss/lib/util/secport.c b/security/nss/lib/util/secport.c index fb0892101..7d276f9b7 100644 --- a/security/nss/lib/util/secport.c +++ b/security/nss/lib/util/secport.c @@ -207,6 +207,8 @@ PORT_NewArena(unsigned long chunksize) return(&pool->arena); } +#define MAX_SIZE 0x7fffffffUL + void * PORT_ArenaAlloc(PLArenaPool *arena, size_t size) { @@ -218,6 +220,9 @@ PORT_ArenaAlloc(PLArenaPool *arena, size_t size) size = 1; } + if (size > MAX_SIZE) { + /* you lose. */ + } else /* Is it one of ours? Assume so and check the magic */ if (ARENAPOOL_MAGIC == pool->magic ) { PZ_Lock(pool->lock); |