diff options
| -rw-r--r-- | security/nss/lib/certhigh/certvfypkix.c | 33 | ||||
| -rwxr-xr-x | security/nss/lib/libpkix/pkix/util/pkix_tools.h | 1 | ||||
| -rwxr-xr-x | security/nss/tests/libpkix/libpkix.sh | 6 |
3 files changed, 31 insertions, 9 deletions
diff --git a/security/nss/lib/certhigh/certvfypkix.c b/security/nss/lib/certhigh/certvfypkix.c index 913d658c9..49e67e3c3 100644 --- a/security/nss/lib/certhigh/certvfypkix.c +++ b/security/nss/lib/certhigh/certvfypkix.c @@ -85,6 +85,8 @@ pkix_pl_lifecycle_ObjectTableUpdate(int *objCountTable); PRInt32 parallelFnInvocationCount; +PRInt32 stackErrorCodes[MAX_STACK_DEPTH]; + #endif /* PKIX_OBJECT_LEAK_TEST */ @@ -841,17 +843,23 @@ cert_PkixErrorToNssCode( /* Loop until we find at least one error with non-null * plErr code, that is going to be nss error code. */ while (errPtr) { +#ifdef PKIX_OBJECT_LEAK_TEST + stackErrorCodes[errLevel] = errPtr->errCode; +#endif if (errPtr->plErr && !nssErr) { nssErr = errPtr->plErr; if (!pkixLog) break; } if (pkixLog) { - PR_LOG(pkixLog, 1, ("Error at level %d: %s\n", errLevel, + PR_LOG(pkixLog, 2, ("Error at level %d: %s\n", errLevel, PKIX_ErrorText[errPtr->errCode])); } errPtr = errPtr->cause; errLevel += 1; } +#ifdef PKIX_OBJECT_LEAK_TEST + stackErrorCodes[errLevel] = -1; +#endif PORT_Assert(nssErr); if (!nssErr) { *pNssErr = SEC_ERROR_LIBPKIX_INTERNAL; @@ -1020,9 +1028,6 @@ cert_GetBuildResults( fprintf(stderr, "BUILD ERROR:\n%s\n", temp); PKIX_PL_Free(temp, NULL); #endif /* DEBUG */ - cert_PkixErrorToNssCode(error, &nssErrorCode, plContext); - PORT_SetError(nssErrorCode); - if (verifyNode) { PKIX_Error *tmpError = cert_GetLogFromVerifyNode(log, verifyNode, plContext); @@ -1030,6 +1035,8 @@ cert_GetBuildResults( PKIX_PL_Object_DecRef((PKIX_PL_Object *)tmpError, plContext); } } + cert_PkixErrorToNssCode(error, &nssErrorCode, plContext); + PORT_SetError(nssErrorCode); goto cleanup; } @@ -1276,6 +1283,14 @@ cleanup: leakedObjNum = pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL); + if (pkixLog && leakedObjNum) { + int level = 0; + PR_LOG(pkixLog, 1, ("The following error caused object leaks:\n")); + for(;level < MAX_STACK_DEPTH && stackErrorCodes[level] != -1;level++) { + PR_LOG(pkixLog, 1, ("Error at level %d: %s\n", level, + PKIX_ErrorText[stackErrorCodes[level]])); + } + } if (abortOnLeak) { PORT_Assert(leakedObjNum == 0); } @@ -2234,6 +2249,15 @@ cleanup: leakedObjNum = pkix_pl_lifecycle_ObjectLeakCheck(leakedObjNum ? objCountTable : NULL); + if (pkixLog && leakedObjNum) { + int level = 0; + + PR_LOG(pkixLog, 1, ("The following error caused object leaks:\n")); + for(;level < MAX_STACK_DEPTH && stackErrorCodes[level] != -1;level++) { + PR_LOG(pkixLog, 1, ("Error at level %d: %s\n", level, + PKIX_ErrorText[stackErrorCodes[level]])); + } + } if (abortOnLeak) { PORT_Assert(leakedObjNum == 0); } @@ -2246,4 +2270,3 @@ cleanup: return r; } - diff --git a/security/nss/lib/libpkix/pkix/util/pkix_tools.h b/security/nss/lib/libpkix/pkix/util/pkix_tools.h index 0e224c495..040a150b0 100755 --- a/security/nss/lib/libpkix/pkix/util/pkix_tools.h +++ b/security/nss/lib/libpkix/pkix/util/pkix_tools.h @@ -210,7 +210,6 @@ extern PLHashNumber PR_CALLBACK pkix_ErrorGen_Hash (const void *key); funcName, &errorSetFlag, \ plContext); \ if (pkixErrorResult) { \ - printf("Error in fn: %s\n", myFuncName); \ PR_LOG(pkixLog, 5, \ ("%s%*s<- %s(%d) - %s\n", (errorGenerated ? "*" : " "), \ stackPosition, " ", fnStackNameArr[stackPosition], \ diff --git a/security/nss/tests/libpkix/libpkix.sh b/security/nss/tests/libpkix/libpkix.sh index 7d3b6caab..b32c73bfd 100755 --- a/security/nss/tests/libpkix/libpkix.sh +++ b/security/nss/tests/libpkix/libpkix.sh @@ -206,7 +206,7 @@ libpkix_setup_db() echo "Loading certs into DB at $DB_DIR" output=$TMP/libpkix_setup.tmp while read certName trusts; do - certutil -d $DB_DIR -A -n $certName -t $trusts -i $CERT_DIR/$certName.cert > $output 2>&1 + certutil -d $DB_DIR -A -n $certName -t $trusts -i $CERT_DIR/$certName.cert -f "${R_PWFILE}" > $output 2>&1 if [ $? -ne 0 ]; then echo "WARNING: unable to add a certificate($certName) into database" echo "certutil output:" @@ -243,14 +243,14 @@ libpkix_leak_test() [ $status -ne 0 ] && continue; extraOpt="" if [ "$explPolicy" -a "$explPolicy" != "undef" ]; then - extraOpt="-p -o $explPolicy" + extraOpt="-pp -o $explPolicy" fi cmd="vfychain -d $DB_DIR $extraOpt $CERT_DIR/$leafCert.cert" if [ -n "$MEMLEAK_DBG" ]; then cmd="$RUN_COMMAND_DBG $cmd" fi echo $cmd - $cmd > $tmpLogFile + $cmd > $tmpLogFile 2>&1 if [ -z "$MEMLEAK_DBG" ]; then cat $tmpLogFile grep "Memory Leak:" $tmpLogFile |