diff options
author | kirke%netscape.com <devnull@localhost> | 2001-01-31 23:25:02 +0000 |
---|---|---|
committer | kirke%netscape.com <devnull@localhost> | 2001-01-31 23:25:02 +0000 |
commit | 610623b37cae851c5c5185b28c5099116e16a653 (patch) | |
tree | a0a3dc737bddde8ff0c72e4aac065fdd4b536d66 | |
parent | 4eb7618433660c6ff612fc8856130fca595bdfbd (diff) | |
download | nss-hg-610623b37cae851c5c5185b28c5099116e16a653.tar.gz |
Resolves bug 66244 - Many NSS command do not detect failure of NSS_Init* functions. Introduced SECU_PrintPRandOSError(progName); to print on failure. Each command is responsible for exiting with appropriate status to distinguish failure points.
-rw-r--r-- | security/nss/cmd/bltest/blapitest.c | 6 | ||||
-rw-r--r-- | security/nss/cmd/certcgi/certcgi.c | 12 | ||||
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 9 | ||||
-rw-r--r-- | security/nss/cmd/crlutil/crlutil.c | 7 | ||||
-rw-r--r-- | security/nss/cmd/derdump/derdump.c | 6 | ||||
-rw-r--r-- | security/nss/cmd/lib/secutil.c | 16 | ||||
-rw-r--r-- | security/nss/cmd/lib/secutil.h | 2 | ||||
-rw-r--r-- | security/nss/cmd/modutil/error.h | 2 | ||||
-rw-r--r-- | security/nss/cmd/modutil/modutil.c | 15 | ||||
-rw-r--r-- | security/nss/cmd/p7content/p7content.c | 7 | ||||
-rw-r--r-- | security/nss/cmd/p7env/p7env.c | 7 | ||||
-rw-r--r-- | security/nss/cmd/p7sign/p7sign.c | 8 | ||||
-rw-r--r-- | security/nss/cmd/p7verify/p7verify.c | 7 | ||||
-rw-r--r-- | security/nss/cmd/pk12util/pk12util.c | 12 | ||||
-rw-r--r-- | security/nss/cmd/signtool/util.c | 9 | ||||
-rw-r--r-- | security/nss/cmd/signver/signver.c | 7 |
16 files changed, 109 insertions, 23 deletions
diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c index c946ccad7..05c72df5b 100644 --- a/security/nss/cmd/bltest/blapitest.c +++ b/security/nss/cmd/bltest/blapitest.c @@ -1992,7 +1992,11 @@ int main(int argc, char **argv) progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; - NSS_NoDB_Init(NULL); + rv = NSS_NoDB_Init(NULL); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } rv = SECU_ParseCommandLine(argc, argv, progName, &bltest); diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c index 0b9a02305..ad14f6dd9 100644 --- a/security/nss/cmd/certcgi/certcgi.c +++ b/security/nss/cmd/certcgi/certcgi.c @@ -62,6 +62,7 @@ #define SERIAL_FILE "../serial" #define DB_DIRECTORY ".." +static char *progName; typedef struct PairStr Pair; @@ -2201,8 +2202,8 @@ done: } -void -main() +int +main(int argc, char **argv) { int length = 500; int remaining = 500; @@ -2240,6 +2241,9 @@ main() PRBool UChain = PR_FALSE; + progName = strrchr(argv[0], '/'); + progName = progName ? progName+1 : argv[0]; + #ifdef TEST sleep(20); @@ -2251,6 +2255,10 @@ main() PK11_SetPasswordFunc(return_dbpasswd); NSS_InitReadWrite(DBdir); + if (status != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } handle = CERT_GetDefaultCertDB(); prefix[0]= '\0'; diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index 23d97444c..74a51b080 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -2450,14 +2450,7 @@ main(int argc, char **argv) rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix, "secmod.db", PR_FALSE); if (rv != SECSuccess) { - char buffer[513]; - PRErrorCode err = PR_GetError(); - PRInt32 errLen = PR_GetErrorTextLength(); - if (errLen > 0 && errLen < sizeof buffer) - PR_GetErrorText(buffer); - SECU_PrintError(progName, "NSS_Initialize failed"); - if (errLen > 0 && errLen < sizeof buffer) - PR_fprintf(PR_STDERR, "\t%s\n", buffer); + SECU_PrintPRandOSError(progName); return -1; } certHandle = CERT_GetDefaultCertDB(); diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c index 374c5d00c..b2633c40d 100644 --- a/security/nss/cmd/crlutil/crlutil.c +++ b/security/nss/cmd/crlutil/crlutil.c @@ -268,6 +268,7 @@ int main(int argc, char **argv) int crlType; PLOptState *optstate; PLOptStatus status; + SECStatus secstatus; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; @@ -346,7 +347,11 @@ int main(int argc, char **argv) if (importCRL && !inFile) Usage (progName); PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - NSS_InitReadWrite(SECU_ConfigDirectory(NULL)); + secstatus = NSS_InitReadWrite(SECU_ConfigDirectory(NULL)); + if (secstatus != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } certHandle = CERT_GetDefaultCertDB(); if (certHandle == NULL) { diff --git a/security/nss/cmd/derdump/derdump.c b/security/nss/cmd/derdump/derdump.c index ef1cb4988..603d5f772 100644 --- a/security/nss/cmd/derdump/derdump.c +++ b/security/nss/cmd/derdump/derdump.c @@ -111,7 +111,11 @@ int main(int argc, char **argv) if (!inFile) inFile = PR_STDIN; if (!outFile) outFile = stdout; - NSS_NoDB_Init(NULL); /* XXX */ + rv = NSS_NoDB_Init(NULL); /* XXX */ + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE); if (rv == SECSuccess) { diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 50865a87c..a36947fb5 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -2455,3 +2455,19 @@ SECU_ErrorString(int16 err) return SECUErrorBuf; } + + +void +SECU_PrintPRandOSError(char *progName) +{ + char buffer[513]; + PRErrorCode err = PR_GetError(); + PRInt32 errLen = PR_GetErrorTextLength(); + if (errLen > 0 && errLen < sizeof buffer) { + PR_GetErrorText(buffer); + } + SECU_PrintError(progName, "NSS_Initialize failed"); + if (errLen > 0 && errLen < sizeof buffer) { + PR_fprintf(PR_STDERR, "\t%s\n", buffer); + } +} diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h index 3bbb7b19b..81267e592 100644 --- a/security/nss/cmd/lib/secutil.h +++ b/security/nss/cmd/lib/secutil.h @@ -297,6 +297,8 @@ extern void SEC_Init(void); extern char *SECU_SECModDBName(void); +extern void SECU_PrintPRandOSError(char *progName); + /* * * Utilities for parsing security tools command lines diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h index 504e32f24..42583a355 100644 --- a/security/nss/cmd/modutil/error.h +++ b/security/nss/cmd/modutil/error.h @@ -80,6 +80,7 @@ typedef enum { STDIN_READ_ERR, UNSPECIFIED_ERR, NOCERTDB_MISUSE_ERR, + NSS_INITIALIZE_FAILED_ERR, LAST_ERR /* must be last */ } Error; @@ -132,6 +133,7 @@ static char *errStrings[] = { "ERROR: Unable to read from standard input.\n", "ERROR: Unknown error occurred.\n", "ERROR: -nocertdb option can only be used with the -jar command.\n" + "ERROR: NSS_Initialize() failed.\n" }; typedef enum { diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c index 05db00f16..a6b6d3382 100644 --- a/security/nss/cmd/modutil/modutil.c +++ b/security/nss/cmd/modutil/modutil.c @@ -40,6 +40,8 @@ static void install_error(char *message); static char* PR_fgets(char *buf, int size, PRFileDesc *file); +static char *progName; + /* This enum must be kept in sync with the commandNames list */ typedef enum { @@ -503,6 +505,8 @@ init_crypto(PRBool create, PRBool readOnly) PRBool free_moddbname = PR_FALSE; #endif Error retval; + SECStatus rv; + if(SECU_ConfigDirectory(dbdir)[0] == '\0') { PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]); @@ -613,8 +617,13 @@ init_crypto(PRBool create, PRBool readOnly) } /* Open/create key database */ - NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix, + rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix, "secmod.db", readOnly); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + retval=NSS_INITIALIZE_FAILED_ERR; + goto loser; + } retval=SUCCESS; loser: @@ -705,6 +714,10 @@ main(int argc, char *argv[]) #define STDINBUF_SIZE 80 char stdinbuf[STDINBUF_SIZE]; + progName = strrchr(argv[0], '/'); + progName = progName ? progName+1 : argv[0]; + + PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); if(parse_args(argc, argv) != SUCCESS) { diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c index b333a9587..e7dfbeba3 100644 --- a/security/nss/cmd/p7content/p7content.c +++ b/security/nss/cmd/p7content/p7content.c @@ -203,6 +203,7 @@ main(int argc, char **argv) PRFileDesc *inFile; PLOptState *optstate; PLOptStatus status; + SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; @@ -251,7 +252,11 @@ main(int argc, char **argv) /* Call the initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - NSS_Init(SECU_ConfigDirectory(NULL)); + rv = NSS_Init(SECU_ConfigDirectory(NULL)); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } if (DecodeAndPrintFile(outFile, inFile, progName)) { SECU_PrintError(progName, "problem decoding data"); diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c index 65bbf09be..49a28392f 100644 --- a/security/nss/cmd/p7env/p7env.c +++ b/security/nss/cmd/p7env/p7env.c @@ -169,6 +169,7 @@ main(int argc, char **argv) struct recipient *recipients, *rcpt; PLOptState *optstate; PLOptStatus status; + SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; @@ -240,7 +241,11 @@ main(int argc, char **argv) /* Call the libsec initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - NSS_Init(SECU_ConfigDirectory(NULL)); + rv = NSS_Init(SECU_ConfigDirectory(NULL)); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } /* open cert database */ certHandle = CERT_GetDefaultCertDB(); diff --git a/security/nss/cmd/p7sign/p7sign.c b/security/nss/cmd/p7sign/p7sign.c index 7735de54d..33b3e3e9c 100644 --- a/security/nss/cmd/p7sign/p7sign.c +++ b/security/nss/cmd/p7sign/p7sign.c @@ -178,6 +178,7 @@ main(int argc, char **argv) PRBool encapsulated = PR_FALSE; PLOptState *optstate; PLOptStatus status; + SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; @@ -236,7 +237,12 @@ main(int argc, char **argv) /* Call the initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - NSS_Init(SECU_ConfigDirectory(NULL)); + rv = NSS_Init(SECU_ConfigDirectory(NULL)); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } + /* open cert database */ certHandle = CERT_GetDefaultCertDB(); if (certHandle == NULL) { diff --git a/security/nss/cmd/p7verify/p7verify.c b/security/nss/cmd/p7verify/p7verify.c index c63f1dd10..71043f7e7 100644 --- a/security/nss/cmd/p7verify/p7verify.c +++ b/security/nss/cmd/p7verify/p7verify.c @@ -216,6 +216,7 @@ main(int argc, char **argv) SECCertUsage certUsage = certUsageEmailSigner; PLOptState *optstate; PLOptStatus status; + SECStatus rv; progName = strrchr(argv[0], '/'); progName = progName ? progName+1 : argv[0]; @@ -284,7 +285,11 @@ main(int argc, char **argv) /* Call the libsec initialization routines */ PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - NSS_Init(SECU_ConfigDirectory(NULL)); + rv = NSS_Init(SECU_ConfigDirectory(NULL)); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } if (HashDecodeAndVerify(outFile, contentFile, signatureFile, certUsage, progName)) { diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index 5f5770cec..a08cdbf8b 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -42,7 +42,7 @@ #define PKCS12_IN_BUFFER_SIZE 200 -char *progName; +static char *progName; PRIntn pk12uErrno = 0; @@ -784,10 +784,18 @@ loser: static PRUintn P12U_Init(char *dir) { + SECStatus rv; PK11_SetPasswordFunc(SECU_GetModulePassword); PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - NSS_InitReadWrite(dir); + rv = NSS_InitReadWrite(dir); + if (rv != SECSuccess) { + SECU_PrintPRandOSError(progName); + exit(-1); + } + + /* enable all ciphers */ + p12u_EnableAllCiphers(); /* setup unicode callback functions */ PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function); diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c index a4cb21fa7..51e0c7efb 100644 --- a/security/nss/cmd/signtool/util.c +++ b/security/nss/cmd/signtool/util.c @@ -766,10 +766,15 @@ InitCrypto(char *cert_dir, PRBool readOnly) /* some functions such as OpenKeyDB expect this path to be * implicitly set prior to calling */ if (readOnly) { - NSS_Init(cert_dir); + rv = NSS_Init(cert_dir); } else { - NSS_InitReadWrite(cert_dir); + rv = NSS_InitReadWrite(cert_dir); } + if (rv != SECSuccess) { + SECU_PrintPRandOSError(PROGRAM_NAME); + exit(-1); + } + SECU_ConfigDirectory (cert_dir); /* Been there done that */ diff --git a/security/nss/cmd/signver/signver.c b/security/nss/cmd/signver/signver.c index 801256bb1..23dfe3383 100644 --- a/security/nss/cmd/signver/signver.c +++ b/security/nss/cmd/signver/signver.c @@ -187,6 +187,7 @@ int main(int argc, char **argv) PRBool displayAllSigners = PR_FALSE; PRFileInfo info; PRInt32 nb; + SECStatus secstatus; secuCommand signver; signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag); @@ -302,7 +303,11 @@ int main(int argc, char **argv) } PR_SetError(0, 0); /* PR_Init("pp", 1, 1, 0);*/ - NSS_Init(SECU_ConfigDirectory(NULL)); + secstatus = NSS_Init(SECU_ConfigDirectory(NULL)); + if (secstatus != SECSuccess) { + SECU_PrintPRandOSError(progName); + return -1; + } rv = SECU_ReadDERFromFile(&der, signFile, signver.options[opt_ASCII].activated); |