mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-17 07:15:46 +00:00
Bug 1382994 - Fix UAF in InitializeNSSWithFallbacks. r=keeler
MozReview-Commit-ID: 6OYl5wlPy5W --HG-- extra : rebase_source : fce3e52edc55c970feca67a82c71fa2bb2b5d9b7
This commit is contained in:
parent
fe3e3051bd
commit
64e1ded43a
@ -1715,12 +1715,13 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
|
|||||||
return srv == SECSuccess ? NS_OK : NS_ERROR_FAILURE;
|
return srv == SECSuccess ? NS_OK : NS_ERROR_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
const char* profilePathCStr = PromiseFlatCString(profilePath).get();
|
|
||||||
|
const nsCString& profilePathCStr = PromiseFlatCString(profilePath);
|
||||||
// Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
|
// Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
|
||||||
#ifndef ANDROID
|
#ifndef ANDROID
|
||||||
PRErrorCode savedPRErrorCode1;
|
PRErrorCode savedPRErrorCode1;
|
||||||
#endif // ifndef ANDROID
|
#endif // ifndef ANDROID
|
||||||
SECStatus srv = ::mozilla::psm::InitializeNSS(profilePathCStr, false,
|
SECStatus srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false,
|
||||||
!safeMode);
|
!safeMode);
|
||||||
if (srv == SECSuccess) {
|
if (srv == SECSuccess) {
|
||||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
|
||||||
@ -1731,7 +1732,7 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
|
|||||||
PRErrorCode savedPRErrorCode2;
|
PRErrorCode savedPRErrorCode2;
|
||||||
#endif // ifndef ANDROID
|
#endif // ifndef ANDROID
|
||||||
// That failed. Try read-only mode.
|
// That failed. Try read-only mode.
|
||||||
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, true, !safeMode);
|
srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), true, !safeMode);
|
||||||
if (srv == SECSuccess) {
|
if (srv == SECSuccess) {
|
||||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r-o mode"));
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r-o mode"));
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
@ -1752,7 +1753,7 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
|
|||||||
// problem, but for some reason the combination of read-only and no-moddb
|
// problem, but for some reason the combination of read-only and no-moddb
|
||||||
// flags causes NSS initialization to fail, so unfortunately we have to use
|
// flags causes NSS initialization to fail, so unfortunately we have to use
|
||||||
// read-write mode.
|
// read-write mode.
|
||||||
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, false, false);
|
srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false, false);
|
||||||
if (srv == SECSuccess) {
|
if (srv == SECSuccess) {
|
||||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("FIPS may be the problem"));
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("FIPS may be the problem"));
|
||||||
// Unload NSS so we can attempt to fix this situation for the user.
|
// Unload NSS so we can attempt to fix this situation for the user.
|
||||||
@ -1768,12 +1769,12 @@ InitializeNSSWithFallbacks(const nsACString& profilePath, bool nocertdb,
|
|||||||
if (NS_FAILED(rv)) {
|
if (NS_FAILED(rv)) {
|
||||||
return rv;
|
return rv;
|
||||||
}
|
}
|
||||||
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, false, true);
|
srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), false, true);
|
||||||
if (srv == SECSuccess) {
|
if (srv == SECSuccess) {
|
||||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r/w mode"));
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r/w mode"));
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
srv = ::mozilla::psm::InitializeNSS(profilePathCStr, true, true);
|
srv = ::mozilla::psm::InitializeNSS(profilePathCStr.get(), true, true);
|
||||||
if (srv == SECSuccess) {
|
if (srv == SECSuccess) {
|
||||||
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r-o mode"));
|
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized in r-o mode"));
|
||||||
return NS_OK;
|
return NS_OK;
|
||||||
|
Loading…
Reference in New Issue
Block a user