main/nss/cve-2011-3640.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141

Index: mozilla/security/nss/lib/softoken/sftkmod.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v
retrieving revision 1.8
diff -p -u -r1.8 sftkmod.c
--- a/mozilla/security/nss/lib/softoken/sftkmod.c	15 Jan 2011 20:59:11 -0000	1.8
+++ b/mozilla/security/nss/lib/softoken/sftkmod.c	2 Oct 2011 14:45:28 -0000
@@ -179,15 +179,18 @@ char *sftk_getOldSecmodName(const char *
     char *sep;
 
     sep = PORT_Strrchr(dirPath,*PATH_SEPARATOR);
-#ifdef WINDOWS
+#ifdef _WIN32
     if (!sep) {
-	sep = PORT_Strrchr(dirPath,'/');
+	/* pkcs11i.h defines PATH_SEPARATOR as "/" for all platforms. */
+	sep = PORT_Strrchr(dirPath,'\\');
     }
 #endif
     if (sep) {
-	*(sep)=0;
+	*sep = 0;
+	file = PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename);
+    } else {
+	file = PR_smprintf("%s", filename);
     }
-    file= PR_smprintf("%s"PATH_SEPARATOR"%s", dirPath, filename);
     PORT_Free(dirPath);
     return file;
 }
@@ -242,13 +245,18 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons
     char *paramsValue=NULL;
     PRBool failed = PR_TRUE;
 
-    if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
+    if ((dbname != NULL) &&
+		((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) {
 	return sftkdbCall_ReadSecmodDB(appName, filename, dbname, params, rw);
     }
 
     moduleList = (char **) PORT_ZAlloc(useCount*sizeof(char **));
     if (moduleList == NULL) return NULL;
 
+    if (dbname == NULL) {
+	goto return_default;
+    }
+
     /* do we really want to use streams here */
     fd = fopen(dbname, "r");
     if (fd == NULL) goto done;
@@ -405,7 +413,11 @@ sftkdb_ReadSecmodDB(SDBType dbType, cons
 	moduleString = NULL;
     }
 done:
-    /* if we couldn't open a pkcs11 database, look for the old one */
+    /* If we couldn't open a pkcs11 database, look for the old one.
+     * This is necessary to maintain the semantics of the transition from
+     * old to new DB's. If there is an old DB and not new DB, we will
+     * automatically use the old DB. If the DB was opened read/write, we
+     * create a new db and upgrade it from the old one. */
     if (fd == NULL) {
 	char *olddbname = sftk_getOldSecmodName(dbname,filename);
 	PRStatus status;
@@ -462,6 +474,8 @@ bail:
 	    PR_smprintf_free(olddbname);
 	}
     }
+
+return_default:
 	
     if (!moduleList[0]) {
 	char * newParams;
@@ -515,7 +529,8 @@ sftkdb_ReleaseSecmodDBData(SDBType dbTyp
 			const char *filename, const char *dbname, 
 			char **moduleSpecList, PRBool rw)
 {
-    if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
+    if ((dbname != NULL) &&
+		((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS))) {
 	return sftkdbCall_ReleaseSecmodDBData(appName, filename, dbname, 
 					  moduleSpecList, rw);
     }
@@ -546,6 +561,10 @@ sftkdb_DeleteSecmodDB(SDBType dbType, co
     PRBool skip = PR_FALSE;
     PRBool found = PR_FALSE;
 
+    if (dbname == NULL) {
+	return SECFailure;
+    }
+
     if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
 	return sftkdbCall_DeleteSecmodDB(appName, filename, dbname, args, rw);
     }
@@ -669,6 +688,10 @@ sftkdb_AddSecmodDB(SDBType dbType, const
     char *block = NULL;
     PRBool libFound = PR_FALSE;
 
+    if (dbname == NULL) {
+	return SECFailure;
+    }
+
     if ((dbType == SDB_LEGACY) || (dbType == SDB_MULTIACCESS)) {
 	return sftkdbCall_AddSecmodDB(appName, filename, dbname, module, rw);
     }
Index: mozilla/security/nss/lib/softoken/sftkpars.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/softoken/sftkpars.c,v
retrieving revision 1.11
diff -p -u -r1.11 sftkpars.c
--- a/mozilla/security/nss/lib/softoken/sftkpars.c	18 Jun 2010 04:09:27 -0000	1.11
+++ b/mozilla/security/nss/lib/softoken/sftkpars.c	2 Oct 2011 14:45:29 -0000
@@ -607,6 +607,7 @@ sftk_getSecmodName(char *param, SDBType 
     char *value = NULL;
     char *save_params = param;
     const char *lconfigdir;
+    PRBool noModDB = PR_FALSE;
     param = sftk_argStrip(param);
 	
 
@@ -631,7 +632,10 @@ sftk_getSecmodName(char *param, SDBType 
 
    if (sftk_argHasFlag("flags","noModDB",save_params)) {
 	/* there isn't a module db, don't load the legacy support */
+	noModDB = PR_TRUE;
 	*dbType = SDB_SQL;
+	PORT_Free(*filename);
+	*filename = NULL;
         *rw = PR_FALSE;
    }
 
@@ -640,7 +644,9 @@ sftk_getSecmodName(char *param, SDBType 
 	secmodName="pkcs11.txt";
    }
 
-   if (lconfigdir) {
+   if (noModDB) {
+	value = NULL;
+   } else if (lconfigdir && lconfigdir[0] != '\0') {
 	value = PR_smprintf("%s" PATH_SEPARATOR "%s",lconfigdir,secmodName);
    } else {
 	value = PR_smprintf("%s",secmodName);