diff options
author | emaldona%redhat.com <devnull@localhost> | 2009-05-13 23:51:54 +0000 |
---|---|---|
committer | emaldona%redhat.com <devnull@localhost> | 2009-05-13 23:51:54 +0000 |
commit | 5bbd3315e146df6ebccd80d13beaa7b8b45877a2 (patch) | |
tree | ff26da009cc7d5056ea2d5e50fb581e47d2614ba /security | |
parent | 1bec9e9707902c6dfe15156e90d821ac2c8873a7 (diff) | |
download | nss-hg-5bbd3315e146df6ebccd80d13beaa7b8b45877a2.tar.gz |
[449332, r=nelson] SECU_ParseCommandLine checks input for duplicate options and fixed such duplicate in pk12util
Diffstat (limited to 'security')
-rw-r--r-- | security/nss/cmd/lib/secutil.c | 53 | ||||
-rw-r--r-- | security/nss/cmd/pk12util/pk12util.c | 18 |
2 files changed, 64 insertions, 7 deletions
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c index 7a53723e8..765ca163f 100644 --- a/security/nss/cmd/lib/secutil.c +++ b/security/nss/cmd/lib/secutil.c @@ -3315,6 +3315,56 @@ SEC_PrintCertificateAndTrust(CERTCertificate *cert, return(SECSuccess); } +#if defined(DEBUG) || defined(FORCE_PR_ASSERT) +/* Returns true iff a[i].flag has a duplicate in a[i+1 : count-1] */ +static PRBool HasShortDuplicate(int i, secuCommandFlag *a, int count) +{ + char target = a[i].flag; + int j; + + /* duplicate '\0' flags are okay, they are used with long forms */ + for (j = i+1; j < count; j++) { + if (a[j].flag && a[j].flag == target) { + return PR_TRUE; + } + } + return PR_FALSE; +} + +/* Returns true iff a[i].longform has a duplicate in a[i+1 : count-1] */ +static PRBool HasLongDuplicate(int i, secuCommandFlag *a, int count) +{ + int j; + char *target = a[i].longform; + + if (!target) + return PR_FALSE; + + for (j = i+1; j < count; j++) { + if (a[j].longform && strcmp(a[j].longform, target) == 0) { + return PR_TRUE; + } + } + return PR_FALSE; +} + +/* Returns true iff a has no short or long form duplicates + */ +PRBool HasNoDuplicates(secuCommandFlag *a, int count) +{ + int i; + + for (i = 0; i < count; i++) { + if (a[i].flag && HasShortDuplicate(i, a, count)) { + return PR_FALSE; + } + if (a[i].longform && HasLongDuplicate(i, a, count)) { + return PR_FALSE; + } + } + return PR_TRUE; +} +#endif SECStatus SECU_ParseCommandLine(int argc, char **argv, char *progName, @@ -3328,6 +3378,9 @@ SECU_ParseCommandLine(int argc, char **argv, char *progName, int i, j; int lcmd = 0, lopt = 0; + PR_ASSERT(HasNoDuplicates(cmd->commands, cmd->numCommands)); + PR_ASSERT(HasNoDuplicates(cmd->options, cmd->numOptions)); + optstring = (char *)PORT_Alloc(cmd->numCommands + 2*cmd->numOptions+1); if (optstring == NULL) return SECFailure; diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c index d1b6e8c42..dc08a6009 100644 --- a/security/nss/cmd/pk12util/pk12util.c +++ b/security/nss/cmd/pk12util/pk12util.c @@ -57,18 +57,22 @@ static void Usage(char *progName) { #define FPS PR_fprintf(PR_STDERR, - FPS "Usage: %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname] [-v]\n", + FPS "Usage: %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n", progName); FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); + FPS "\t\t [-v]\n"); - FPS "Usage: %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname] [-r]\n", + FPS "Usage: %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname]\n", progName); FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); + FPS "\t\t [-v]\n"); - FPS "Usage: %s -o exportfile -n certname [-d certdir] [-P dbprefix] [-v]\n", - progName); - FPS "\t\t [-c key_cipher] [-C cert_cipher] [-m | --key_len keyLen] [-n | --cert_key_len certKeyLen]\n"); - FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filefilepw]\n"); + FPS "Usage: %s -o exportfile -n certname [-d certdir] [-P dbprefix]\n", + progName); + FPS "\t\t [-c key_cipher] [-C cert_cipher]\n" + "\t\t [-m | --key_len keyLen] [--cert_key_len certKeyLen] [-v]\n"); + FPS "\t\t [-k slotpwfile | -K slotpw]\n" + "\t\t [-w p12filepwfile | -W p12filefilepw]\n"); exit(PK12UERR_USAGE); } @@ -955,7 +959,7 @@ static secuCommandFlag pk12util_options[] = { /* opt_Cipher */ 'c', PR_TRUE, 0, PR_FALSE }, { /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE }, { /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" }, - { /* opt_CertKeyLength */ 'n', PR_TRUE, 0, PR_FALSE, "cert_key_len" } + { /* opt_CertKeyLength */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" } }; int |