author | relyea%netscape.com <devnull@localhost> | 2005-06-20 23:19:53 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2005-06-20 23:19:53 +0000 |
commit | 4f9e9ecd15b512e4aef0047ae8f448d096dfd745 (patch) | |
tree | cfbfacfde598b019bfced0cc4a694ad6eb3d9032 | |
parent | a4cd0fd41c60135f6e6ba366ed1a967c880fc8c0 (diff) | |
download | nss-hg-4f9e9ecd15b512e4aef0047ae8f448d096dfd745.tar.gz |
Fix bugs in pcertdb where we can't upgrade from a cert8 file correctly:
1) make sure we still write the version number.
2) make sure that we bring the s/mime entries in after we've loaded the cert
entries.
-rw-r--r-- | security/nss/lib/softoken/pcertdb.c | 72 |
1 files changed, 58 insertions, 14 deletions
diff --git a/security/nss/lib/softoken/pcertdb.c b/security/nss/lib/softoken/pcertdb.c
index 80faa7d84..98d04d453 100644
--- a/security/nss/lib/softoken/pcertdb.c
+++ b/security/nss/lib/softoken/pcertdb.c
@@ -2605,7 +2605,7 @@ ReadDBSubjectEntry(NSSLOWCERTCertDBHandle *handle, SECItem *derSubject)
 entry->common.type = certDBEntryTypeSubject;
 rv = EncodeDBSubjectKey(derSubject, tmparena, &dbkey);
- if ( rv != SECSuccess ) {
+ if ( rv != SECSuccess ) {
 goto loser;
 }
@@ -3464,7 +3464,25 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb);
 static SECStatus UpdateV8DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
 {
- return UpdateV7DB(handle,updatedb);
+ SECStatus rv;
+ certDBEntryVersion *versionEntry = NULL;
+
+ versionEntry = NewDBVersionEntry(0);
+ if ( versionEntry == NULL ) {
+ rv = SECFailure;
+ goto loser;
+ }
+
+ rv = WriteDBVersionEntry(handle, versionEntry);
+
+ DestroyDBEntry((certDBEntry *)versionEntry);
+
+ if ( rv != SECSuccess ) {
+ goto loser;
+ }
+ rv = UpdateV7DB(handle,updatedb);
+loser:
+ return rv;
 }
@@ -3513,6 +3531,9 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
 case certDBEntryTypeSubject:
 case certDBEntryTypeContentVersion:
 case certDBEntryTypeNickname:
+ /* smime profiles need entries created after the certs have
+ * been imported, loop over them in a second run */
+ case certDBEntryTypeSMimeProfile:
 break;
 case certDBEntryTypeCert:
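Review bot: In the UpdateV8DB hunk the version entry is written before UpdateV7DB has imported anything, so a failure part-way through the import would appear to leave a database that already carries a version entry but only part of the cert8 contents. If later opens rely on that entry to decide the upgrade is finished (not visible here), the missing certificate and trust records would never be retried. If nothing in UpdateV7DB needs the entry to exist first, call UpdateV7DB first and write the version only when it returns SECSuccess; otherwise state the constraint next to the write, e.g. `/* version entry is written first; a failed import below leaves a partially filled database */`.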
@@ -3560,22 +3581,45 @@ UpdateV7DB(NSSLOWCERTCertDBHandle *handle, DB *updatedb)
 crlEntry.common.arena = NULL;
 break;
- case certDBEntryTypeSMimeProfile:
- smimeEntry.common.version = (unsigned int)dataBuf[0];
- smimeEntry.common.type = entryType;
- smimeEntry.common.flags = (unsigned int)dataBuf[2];
- smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
- rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
- /* decode entry */
+ default:
+ break;
+ }
+ } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
+
+ /* now loop again updating just the SMimeProfile. */
+ ret = (* updatedb->seq)(updatedb, &key, &data, R_FIRST);
+
+ if ( ret ) {
+ return(SECFailure);
+ }
+
+ do {
+ unsigned char *dataBuf = (unsigned char *)data.data;
+ unsigned char *keyBuf = (unsigned char *)key.data;
+ dbEntry.data = &dataBuf[SEC_DB_ENTRY_HEADER_LEN];
+ dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN;
+ entryType = (certDBEntryType) keyBuf[0];
+ if (entryType != certDBEntryTypeSMimeProfile) {
+ continue;
+ }
+ dbKey.data = &keyBuf[SEC_DB_KEY_HEADER_LEN];
+ dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN;
+ if ((dbEntry.len <= 0) || (dbKey.len <= 0)) {
+ continue;
+ }
+ smimeEntry.common.version = (unsigned int)dataBuf[0];
+ smimeEntry.common.type = entryType;
+ smimeEntry.common.flags = (unsigned int)dataBuf[2];
+ smimeEntry.common.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ /* decode entry */
+ rv = DecodeDBSMimeEntry(&smimeEntry,&dbEntry,(char *)dbKey.data);
+ if (rv == SECSuccess) {
 nsslowcert_UpdateSMimeProfile(handle, smimeEntry.emailAddr, &smimeEntry.subjectName, &smimeEntry.smimeOptions, &smimeEntry.optionsDate);
- PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
- smimeEntry.common.arena = NULL;
- break;
- default:
- break;
 }
+ PORT_FreeArena(smimeEntry.common.arena, PR_FALSE);
+ smimeEntry.common.arena = NULL;
 } while ( (* updatedb->seq)(updatedb, &key, &data, R_NEXT) == 0 );
 (* updatedb->close)(updatedb); |
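Review bot: The second loop computes `dbEntry.len = data.size - SEC_DB_ENTRY_HEADER_LEN` and `dbKey.len = key.size - SEC_DB_KEY_HEADER_LEN` without first checking that the record is at least as long as its header, and the later `<= 0` test cannot catch a wrapped value if those length fields are unsigned (SECItem.len is an unsigned int in NSS). A truncated or corrupted record in the old cert8 file would then reach `dataBuf[0]`, `dataBuf[2]` and DecodeDBSMimeEntry with a very large length, and `keyBuf[0]` is read before any size check at all. A guard at the top of the loop body, `if (data.size <= SEC_DB_ENTRY_HEADER_LEN || key.size <= SEC_DB_KEY_HEADER_LEN) continue;`, would cover both. The new `return(SECFailure)` after the second R_FIRST also exits before the `(* updatedb->close)(updatedb)` at the end of the hunk, so it is worth confirming that the caller closes the handle on failure. UpdateV7DB begins outside the hunk, and its first loop may need the same length guard.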