diff options
author | nelson%bolyard.com <devnull@localhost> | 2007-03-14 01:47:59 +0000 |
---|---|---|
committer | nelson%bolyard.com <devnull@localhost> | 2007-03-14 01:47:59 +0000 |
commit | 54814f748537adfdace38c64673c4c8ae9da10bf (patch) | |
tree | 70c135c45366ac3d0ec9fe4a2babd3e65168ee72 | |
parent | 2df9a7a375d0b64ba2fbb06db68691d76523974e (diff) | |
download | nss-hg-54814f748537adfdace38c64673c4c8ae9da10bf.tar.gz |
Backport fixes for bug 129218 & bug 367037 from trunk to 3_11 branch. r=me.
-rw-r--r-- | security/nss/cmd/strsclnt/strsclnt.c | 106 |
1 files changed, 61 insertions, 45 deletions
diff --git a/security/nss/cmd/strsclnt/strsclnt.c b/security/nss/cmd/strsclnt/strsclnt.c index 5b456d817..bc6f04afa 100644 --- a/security/nss/cmd/strsclnt/strsclnt.c +++ b/security/nss/cmd/strsclnt/strsclnt.c @@ -1093,16 +1093,18 @@ StressClient_GetClientAuthData(void * arg, } } -#define HEXCHAR_TO_INT(c, i) \ - if (((c) >= '0') && ((c) <= '9')) { \ - i = (c) - '0'; \ - } else if (((c) >= 'a') && ((c) <= 'f')) { \ - i = (c) - 'a' + 10; \ - } else if (((c) >= 'A') && ((c) <= 'F')) { \ - i = (c) - 'A' + 10; \ - } else { \ - Usage("strsclnt"); \ - } +int +hexchar_to_int(int c) +{ + if (((c) >= '0') && ((c) <= '9')) + return (c) - '0'; + if (((c) >= 'a') && ((c) <= 'f')) + return (c) - 'a' + 10; + if (((c) >= 'A') && ((c) <= 'F')) + return (c) - 'A' + 10; + failed_already = 1; + return -1; +} void client_main( @@ -1134,46 +1136,48 @@ client_main( /* disable all the ciphers, then enable the ones we want. */ disableAllSSLCiphers(); - while (0 != (ndx = *cipherString++)) { - int cipher; + while (0 != (ndx = *cipherString)) { + const char * startCipher = cipherString++; + int cipher = 0; + SECStatus rv; if (ndx == ':') { - int ctmp; - - cipher = 0; - HEXCHAR_TO_INT(*cipherString, ctmp) - cipher |= (ctmp << 12); - cipherString++; - HEXCHAR_TO_INT(*cipherString, ctmp) - cipher |= (ctmp << 8); - cipherString++; - HEXCHAR_TO_INT(*cipherString, ctmp) - cipher |= (ctmp << 4); - cipherString++; - HEXCHAR_TO_INT(*cipherString, ctmp) - cipher |= ctmp; - cipherString++; + cipher = hexchar_to_int(*cipherString++); + cipher <<= 4; + cipher |= hexchar_to_int(*cipherString++); + cipher <<= 4; + cipher |= hexchar_to_int(*cipherString++); + cipher <<= 4; + cipher |= hexchar_to_int(*cipherString++); + if (cipher <= 0) { + fprintf(stderr, "strsclnt: Invalid cipher value: %-5.5s\n", + startCipher); + failed_already = 1; + return; + } } else { - const int *cptr; + if (isalpha(ndx)) { + const int *cptr; - if (! isalpha(ndx)) - Usage("strsclnt"); - cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; - for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) - /* do nothing */; - } - if (cipher > 0) { - SECStatus rv; - rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE); - if (rv != SECSuccess) { - fprintf(stderr, - "strsclnt: SSL_CipherPrefSetDefault failed with value 0x%04x\n", - cipher); - exit(1); + cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites; + for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) + /* do nothing */; } - } else { - Usage("strsclnt"); - } + if (cipher <= 0) { + fprintf(stderr, "strsclnt: Invalid cipher letter: %c\n", + *startCipher); + failed_already = 1; + return; + } + } + rv = SSL_CipherPrefSetDefault(cipher, PR_TRUE); + if (rv != SECSuccess) { + fprintf(stderr, + "strsclnt: SSL_CipherPrefSetDefault(0x%04x) failed\n", + cipher); + failed_already = 1; + return; + } } } @@ -1410,6 +1414,8 @@ main(int argc, char **argv) } } + PL_DestroyOptState(optstate); + if (!hostName || status == PL_OPT_BAD) Usage(progName); @@ -1474,8 +1480,18 @@ main(int argc, char **argv) if (Cert_And_Key.key) { SECKEY_DestroyPrivateKey(Cert_And_Key.key); } + PR_DestroyLock(Cert_And_Key.lock); + if (Cert_And_Key.password) { + PL_strfree(Cert_And_Key.password); + } + if (Cert_And_Key.nickname) { + PL_strfree(Cert_And_Key.nickname); + } + + PL_strfree(hostName); + /* some final stats. */ if (ssl3stats->hsh_sid_cache_hits + ssl3stats->hsh_sid_cache_misses + ssl3stats->hsh_sid_cache_not_ok == 0) { |