Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-17 07:15:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1382994 - Fix UAF in InitializeNSSWithFallbacks. r=keeler

Browse Source 
MozReview-Commit-ID: 6OYl5wlPy5W

--HG--
extra : rebase_source : fce3e52edc55c970feca67a82c71fa2bb2b5d9b7
This commit is contained in:
Tristan Bourvon 2017-07-21 12:14:38 +02:00
parent fe3e3051bd
commit 64e1ded43a
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
security/manager/ssl/nsNSSComponent.cpp
View File

@ -1715,12 +1715,13 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
return srv == SECSuccess ? NS_OK : NS_ERROR_FAILURE; return srv == SECSuccess ? NS_OK : NS_ERROR_FAILURE;
} }
const char* profilePathCStr = PromiseFlatCString(profilePath).get();
const nsCString& profilePathCStr = PromiseFlatCString(profilePath);
// Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules. // Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
#ifndef ANDROID #ifndef ANDROID
PRErrorCode savedPRErrorCode1; PRErrorCode savedPRErrorCode1;
#endif // ifndef ANDROID #endif // ifndef ANDROID
SECStatus srv = ::mozilla::psm::InitializeNSS(profilePathCStr, false, SECStatus srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false,
!safeMode); !safeMode);
if (srv == SECSuccess) { if (srv == SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode")); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
@ -1731,7 +1732,7 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
PRErrorCode savedPRErrorCode2; PRErrorCode savedPRErrorCode2;
#endif // ifndef ANDROID #endif // ifndef ANDROID
// That failed. Try read-only mode. // That failed. Try read-only mode.
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, true, !safeMode); srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), true, !safeMode);
if (srv == SECSuccess) { if (srv == SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r-o mode")); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r-o mode"));
return NS_OK; return NS_OK;
@ -1752,7 +1753,7 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
// problem, but for some reason the combination of read-only and no-moddb // problem, but for some reason the combination of read-only and no-moddb
// flags causes NSS initialization to fail, so unfortunately we have to use // flags causes NSS initialization to fail, so unfortunately we have to use
// read-write mode. // read-write mode.
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, false, false); srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false, false);
if (srv == SECSuccess) { if (srv == SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("FIPS may be the problem")); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("FIPS may be the problem"));
// Unload NSS so we can attempt to fix this situation for the user. // Unload NSS so we can attempt to fix this situation for the user.
@ -1768,12 +1769,12 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
if (NS_FAILED(rv)) { if (NS_FAILED(rv)) {
return rv; return rv;
} }
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, false, true); srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false, true);
if (srv == SECSuccess) { if (srv == SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r/w mode")); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r/w mode"));
return NS_OK; return NS_OK;
} }
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, true, true); srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), true, true);
if (srv == SECSuccess) { if (srv == SECSuccess) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r-o mode")); MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r-o mode"));
return NS_OK; return NS_OK;