author | nelson%bolyard.com <devnull@localhost> | 2007-03-14 02:08:54 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2007-03-14 02:08:54 +0000 |
commit | e7cc50ae123d7353cb60b65c552da65a7bed80c6 (patch) | |
tree | 609e2e6bb71b842d2a1cf8fb77cb946e604e3557 | |
parent | 2e894b7c5e3cbc49267a650022f3766e81b83441 (diff) | |
parent | 260540541c7c5df40b6fe09d6f39dc20d9c5bfa8 (diff) | |
download | nss-hg-e7cc50ae123d7353cb60b65c552da65a7bed80c6.tar.gz |
Fix bug 129218, bug 367037, and bug 370957 on BYPASS branch.
-rw-r--r-- | security/nss/cmd/strsclnt/strsclnt.c | 107 |
1 files changed, 62 insertions, 45 deletions
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c
index 5b456d817..94a8b9ba6 100644
--- a/security/nss/cmd/strsclnt/strsclnt.c
+++ b/security/nss/cmd/strsclnt/strsclnt.c
@@ -115,6 +115,7 @@ int ssl3CipherSuites[] = {
 TLS_DHE_DSS_WITH_AES_256_CBC_SHA, /* w */
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA, /* x */
 TLS_RSA_WITH_AES_256_CBC_SHA, /* y */
+ SSL_RSA_WITH_NULL_SHA, /* z */
 0
 };
@@ -1093,16 +1094,18 @@ StressClient_GetClientAuthData(void * arg,
 }
 }
-#define HEXCHAR_TO_INT(c, i) \
- if (((c) >= '0') && ((c) <= '9')) { \
- i = (c) - '0'; \
- } else if (((c) >= 'a') && ((c) <= 'f')) { \
- i = (c) - 'a' + 10; \
- } else if (((c) >= 'A') && ((c) <= 'F')) { \
- i = (c) - 'A' + 10; \
- } else { \
- Usage("strsclnt"); \
- }
+int
+hexchar_to_int(int c)
+{
+ if (((c) >= '0') && ((c) <= '9'))
+ return (c) - '0';
+ if (((c) >= 'a') && ((c) <= 'f'))
+ return (c) - 'a' + 10;
+ if (((c) >= 'A') && ((c) <= 'F'))
+ return (c) - 'A' + 10;
+ failed_already = 1;
+ return -1;
+}
 void
 client_main(
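Review bot: The new `z` entry in `ssl3CipherSuites` selects a suite that provides no encryption, and the `/* z */` comment does not say so. A comment such as `/* z: NULL cipher, integrity only, no confidentiality */` would make that explicit for anyone choosing cipher letters for a test run. None of the visible hunks touch the usage text, so if it enumerates the cipher letters it presumably needs the new one as well.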
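Review bot: `hexchar_to_int` is defined with external linkage and no comment, and it signals bad input two ways at once: a -1 return and a write to the global `failed_already`. As far as this diff shows it is used only by the cipher parser in the same file, so `static int` would keep it out of the global namespace. A header comment such as `/* Returns 0..15 for a hex digit; for any other character, including NUL, sets failed_already and returns -1. */` would tell callers that the result must be tested before it is combined into a larger value.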
@@ -1134,46 +1137,48 @@ client_main(
 /* disable all the ciphers, then enable the ones we want. */
 disableAllSSLCiphers();
- while (0 != (ndx = *cipherString++)) {
- int cipher;
+ while (0 != (ndx = *cipherString)) {
+ const char * startCipher = cipherString++;
+ int cipher = 0;
+ SECStatus rv;
 if (ndx == ':') {
- int ctmp;
-
- cipher = 0;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 12);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 8);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= (ctmp << 4);
- cipherString++;
- HEXCHAR_TO_INT(*cipherString, ctmp)
- cipher |= ctmp;
- cipherString++;
+ cipher = hexchar_to_int(*cipherString++);
+ cipher <<= 4;
+ cipher |= hexchar_to_int(*cipherString++);
+ cipher <<= 4;
+ cipher |= hexchar_to_int(*cipherString++);
+ cipher <<= 4;
+ cipher |= hexchar_to_int(*cipherString++);
+ if (cipher <= 0) {
+ fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n",
+ startCipher);
+ failed_already = 1;
+ return;
+ }
 } else {
- const int *cptr;
+ if (isalpha(ndx)) {
+ const int *cptr;
- if (! isalpha(ndx))
- Usage("strsclnt");
- cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
- for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
- /* do nothing */;
- }
- if (cipher > 0) {
- SECStatus rv;
- rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
- if (rv != SECSuccess) {
- fprintf(stderr,
- "strsclnt: SSL_CipherPrefSetDefault failed with value 0x%04x\n",
- cipher);
- exit(1);
+ cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
+ for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
+ /* do nothing */;
 }
- } else {
- Usage("strsclnt");
- }
+ if (cipher <= 0) {
+ fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n",
+ *startCipher);
+ failed_already = 1;
+ return;
+ }
+ }
+ rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE);
+ if (rv != SECSuccess) {
+ fprintf(stderr,
+ "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n",
+ cipher);
+ failed_already = 1;
+ return;
+ }
 }
 }
@@ -1410,6 +1415,8 @@ main(int argc, char **argv)
 }
 }
+ PL_DestroyOptState(optstate);
+
 if (!hostName || status == PL_OPT_BAD)
 Usage(progName);
@@ -1474,8 +1481,18 @@ main(int argc, char **argv)
 if (Cert_And_Key.key) {
 SECKEY_DestroyPrivateKey(Cert_And_Key.key);
 }
+ PR_DestroyLock(Cert_And_Key.lock);
+ if (Cert_And_Key.password) {
+ PL_strfree(Cert_And_Key.password);
+ }
+ if (Cert_And_Key.nickname) {
+ PL_strfree(Cert_And_Key.nickname);
+ }
+
+ PL_strfree(hostName);
+
 /* some final stats. */
 if (ssl3stats->hsh_sid_cache_hits +
 ssl3stats->hsh_sid_cache_misses +
 ssl3stats->hsh_sid_cache_not_ok == 0) { |
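Review bot: In the `':'` branch the four `hexchar_to_int(*cipherString++)` calls always advance four bytes, so a cipher spec that ends early (a trailing `:` or fewer than four hex digits) moves `cipherString` past the terminating NUL before the `cipher <= 0` check runs. The macro this replaces stopped at the first bad character by calling Usage(). The -1 sentinel is also OR'ed into `cipher` and then left-shifted, which is undefined for a negative int, so the final sign test is not a dependable validity check. Testing each nibble before advancing, as sketched below, addresses both. `client_main` begins and ends outside this hunk and the declaration of `ndx` is not visible here.

```c
	if (ndx == ':') {
	    int i;

	    for (i = 0; i < 4; i++) {
		int nibble = hexchar_to_int(*cipherString);

		if (nibble < 0)
		    break;	/* also stops at the terminating NUL */
		cipher = (cipher << 4) | nibble;
		cipherString++;
	    }
	    if (i < 4 || cipher <= 0) {
		/* … unchanged: "Invalid cipher value" report, failed_already = 1, return … */
	    }
```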
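Review bot: `Cert_And_Key.password` is released with `PL_strfree` while it still holds the password text, so the secret remains readable in freed heap memory. Even in a test client it is worth clearing it first, for example `memset(Cert_And_Key.password, 0, strlen(Cert_And_Key.password));` inside the existing `if`, bearing in mind that a compiler may elide a plain memset that directly precedes a free. Separately, `PR_DestroyLock(Cert_And_Key.lock)` is called unguarded while the neighbouring fields are NULL-checked; whether the lock is always created is decided outside this hunk, so either guard it or add a comment saying why it cannot be NULL.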