diff options
author | christophe.ravel.bugs%sun.com <devnull@localhost> | 2005-08-18 18:32:17 +0000 |
---|---|---|
committer | christophe.ravel.bugs%sun.com <devnull@localhost> | 2005-08-18 18:32:17 +0000 |
commit | ac20248b6a226b273d2e4629b7492d3b048afd19 (patch) | |
tree | 771b01d7fdd62950c80280ab30012f4ba07dc645 | |
parent | 69cb91c5c2831185a403b8bf19dec990aacff02e (diff) | |
download | nss-hg-ac20248b6a226b273d2e4629b7492d3b048afd19.tar.gz |
Checking again for:
Backport from NSS 3.4 to NSS 3.3.4.x. Checkins to directory mozilla/security/nss
/lib/ssl by relyea* between 2001-12-05 00:00 and 2001-12-07 00:00
r+: Saul Edwards
sr+: Nelson Bolyard
Note: there is no bug for this fix on Bugzilla.
6289081
-rw-r--r-- | security/nss/lib/certhigh/certvfy.c | 2 | ||||
-rw-r--r-- | security/nss/lib/nss/nss.h | 2 | ||||
-rw-r--r-- | security/nss/lib/ssl/authcert.c | 4 | ||||
-rw-r--r-- | security/nss/lib/ssl/emulate.c | 10 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 14 | ||||
-rw-r--r-- | security/nss/lib/ssl/ssldef.c | 6 | ||||
-rw-r--r-- | security/nss/lib/ssl/sslsock.c | 2 |
7 files changed, 28 insertions, 12 deletions
diff --git a/security/nss/lib/certhigh/certvfy.c b/security/nss/lib/certhigh/certvfy.c index ef5d49270..bd13eea1d 100644 --- a/security/nss/lib/certhigh/certvfy.c +++ b/security/nss/lib/certhigh/certvfy.c @@ -653,7 +653,7 @@ CERT_VerifyCertChain(CERTCertDBHandle *handle, CERTCertificate *cert, subjectNameList = CERT_GetCertificateNames(subjectCert, arena); subjectNameListLen = CERT_GetNamesLength(subjectNameList); for (i = 0; i < subjectNameListLen; i++) { - if (namesIndexLen < namesCount + i) { + if (namesIndexLen <= namesCount + i) { namesIndexLen = namesIndexLen * 2; namesIndex = (SECItem *) PORT_Realloc(namesIndex, namesIndexLen * sizeof(SECItem)); diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index e48060a5f..2c0741802 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -49,7 +49,7 @@ SEC_BEGIN_PROTOS * The format of the version string should be * "<major version>.<minor version>[.<patch level>] [<Beta>]" */ -#define NSS_VERSION "3.3.4.6" +#define NSS_VERSION "3.3.4.7" #define NSS_VMAJOR 3 #define NSS_VMINOR 3 #define NSS_VPATCH 4 diff --git a/security/nss/lib/ssl/authcert.c b/security/nss/lib/ssl/authcert.c index 5a9c45e5a..bd473f11f 100644 --- a/security/nss/lib/ssl/authcert.c +++ b/security/nss/lib/ssl/authcert.c @@ -59,8 +59,8 @@ NSS_GetClientAuthData(void * arg, struct CERTCertificateStr ** pRetCert, struct SECKEYPrivateKeyStr **pRetKey) { - CERTCertificate * cert; - SECKEYPrivateKey * privkey; + CERTCertificate * cert = NULL; + SECKEYPrivateKey * privkey = NULL; char * chosenNickName = (char *)arg; /* CONST */ void * proto_win = NULL; SECStatus rv = SECFailure; diff --git a/security/nss/lib/ssl/emulate.c b/security/nss/lib/ssl/emulate.c index bb6efc140..77c99639f 100644 --- a/security/nss/lib/ssl/emulate.c +++ b/security/nss/lib/ssl/emulate.c @@ -202,7 +202,7 @@ ssl_EmulateTransmitFile( PRFileDesc * sd, PRTransmitFileFlags flags, PRIntervalTime timeout) { - void * addr; + void * addr = NULL; PRFileMap * mapHandle = NULL; PRInt32 count = 0; PRInt32 index = 0; @@ -461,7 +461,7 @@ PRInt32 ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd, PRTransmitFileFlags flags, PRIntervalTime timeout) { - void * addr; + void * addr = NULL; PRFileMap * mapHandle = NULL; PRInt32 count = 0; PRInt32 file_bytes; @@ -529,6 +529,12 @@ ssl_EmulateSendFile(PRFileDesc *sd, PRSendFileData *sfd, len = mmap_len - addr_offset; } /* + * filebytes is negative or SENDFILE_MMAP_CHUNK is less than pagesize. + * assert so we catch problems in debug builds. + */ + PR_ASSERT(len >= 0); + + /* * Map in (part of) file. Take care of zero-length files. */ if (len > 0) { diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c index 8ed3e0e8d..df6ef439b 100644 --- a/security/nss/lib/ssl/ssl3con.c +++ b/security/nss/lib/ssl/ssl3con.c @@ -444,9 +444,9 @@ ssl3_config_match_init(sslSocket *ss) /* Mark the suites that are backed by real tokens, certs and keys */ suite->isPresent = (PRBool) (((exchKeyType == kt_null) || - (!isServer || (ss->serverKey[exchKeyType] && + ((!isServer || (ss->serverKey[exchKeyType] && ss->serverCertChain[exchKeyType])) && - PK11_TokenExists(kea_alg_defs[exchKeyType])) && + PK11_TokenExists(kea_alg_defs[exchKeyType]))) && ((cipher_alg == calg_null) || PK11_TokenExists(cipher_alg))); if (suite->isPresent) ++numPresent; @@ -2922,6 +2922,10 @@ ssl_UnwrapSymWrappingKey( PK11_PubUnwrapSymKey(svrPrivKey, &wrappedKey, masterWrapMech, CKA_UNWRAP, 0); break; + default: + /* Assert? */ + SET_ERROR_CODE + goto loser; } loser: return unwrappedWrappingKey; @@ -2954,7 +2958,7 @@ getWrappingKey( sslSocket * ss, SECKEYPublicKey * svrPubKey = NULL; PK11SymKey * unwrappedWrappingKey = NULL; PK11SymKey ** pSymWrapKey; - CK_MECHANISM_TYPE asymWrapMechanism; + CK_MECHANISM_TYPE asymWrapMechanism = CKM_INVALID_MECHANISM; int length; int symWrapMechIndex; SECStatus rv; @@ -3090,6 +3094,8 @@ no_wrapped_key: goto loser; } + PORT_Assert(asymWrapMechanism != CKM_INVALID_MECHANISM); + wswk.symWrapMechanism = masterWrapMech; wswk.symWrapMechIndex = symWrapMechIndex; wswk.asymWrapMechanism = asymWrapMechanism; @@ -3486,7 +3492,7 @@ loser: static SECStatus sendFortezzaClientKeyExchange(sslSocket * ss, SECKEYPublicKey * serverKey) { - ssl3CipherSpec * pwSpec; + ssl3CipherSpec * pwSpec = NULL; sslSessionID * sid = ss->sec->ci.sid; PK11SlotInfo * slot = NULL; PK11SymKey * pms = NULL; diff --git a/security/nss/lib/ssl/ssldef.c b/security/nss/lib/ssl/ssldef.c index 81d6db8c8..1d98cac88 100644 --- a/security/nss/lib/ssl/ssldef.c +++ b/security/nss/lib/ssl/ssldef.c @@ -41,8 +41,10 @@ #if defined(WIN32) #define MAP_ERROR(from,to) if (err == from) { PORT_SetError(to); } +#define DEFINE_ERROR PRErrorCode err = PR_GetError(); #else #define MAP_ERROR(from,to) +#define DEFINE_ERROR #endif int ssl_DefConnect(sslSocket *ss, const PRNetAddr *sa) @@ -88,7 +90,7 @@ int ssl_DefRecv(sslSocket *ss, unsigned char *buf, int len, int flags) rv = lower->methods->recv(lower, (void *)buf, len, flags, ss->rTimeout); if (rv < 0) { - PRErrorCode err = PR_GetError(); + DEFINE_ERROR MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) } else if (rv > len) { PORT_Assert(rv <= len); @@ -152,7 +154,7 @@ int ssl_DefRead(sslSocket *ss, unsigned char *buf, int len) rv = lower->methods->read(lower, (void *)buf, len); if (rv < 0) { - PRErrorCode err = PR_GetError(); + DEFINE_ERROR MAP_ERROR(PR_SOCKET_SHUTDOWN_ERROR, PR_CONNECT_RESET_ERROR) } return rv; diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c index d294a1421..81ec18d99 100644 --- a/security/nss/lib/ssl/sslsock.c +++ b/security/nss/lib/ssl/sslsock.c @@ -306,7 +306,9 @@ ssl_FreeSocket(sslSocket *ss) int i; sslSocket *fs; +#ifdef DEBUG sslSocket lSock; +#endif /* Get every lock you can imagine! ** Caller already holds these: |