1 |
commit: 78717184c7294a8a8a444c6a957f7a15358c39b9 |
2 |
Author: Ian Stakenvicius <axs <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Jan 22 16:46:07 2019 +0000 |
4 |
Commit: Ian Stakenvicius <axs <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jan 22 20:03:31 2019 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78717184 |
7 |
|
8 |
dev-libs/nss: patch to fix a rare CMS related crash |
9 |
|
10 |
Patch forward-ported from 3.36.7 (will also be included in 3.42) |
11 |
|
12 |
Signed-off-by: Ian Stakenvicius <axs <AT> gentoo.org> |
13 |
Package-Manager: Portage-2.3.49, Repoman-2.3.11 |
14 |
|
15 |
dev-libs/nss/files/nss-3.36.7-fix-cms.patch | 531 +++++++++++++++++++++ |
16 |
.../nss/{nss-3.41.ebuild => nss-3.40.1-r1.ebuild} | 4 +- |
17 |
.../nss/{nss-3.41.ebuild => nss-3.41-r1.ebuild} | 4 +- |
18 |
3 files changed, 537 insertions(+), 2 deletions(-) |
19 |
|
20 |
diff --git a/dev-libs/nss/files/nss-3.36.7-fix-cms.patch b/dev-libs/nss/files/nss-3.36.7-fix-cms.patch |
21 |
new file mode 100644 |
22 |
index 00000000000..57b4cdaf5a5 |
23 |
--- /dev/null |
24 |
+++ b/dev-libs/nss/files/nss-3.36.7-fix-cms.patch |
25 |
@@ -0,0 +1,531 @@ |
26 |
+From d54a1f812ae23ec11d2af6ed93ba1a11609421a8 Mon Sep 17 00:00:00 2001 |
27 |
+From: "J.C. Jones" <jjones@×××××××.com> |
28 |
+Date: Mon, 14 Jan 2019 10:35:25 -0700 |
29 |
+Subject: [PATCH] Bug 1507135 - Add additional null checks to CMS message |
30 |
+ functions r=mt |
31 |
+ |
32 |
+Differential review: https://phabricator.services.mozilla.com//D16488 |
33 |
+ |
34 |
+--HG-- |
35 |
+branch : NSS_3_36_BRANCH |
36 |
+extra : transplant_source : 1%02%80%21%BE%C8B%D5%21%D7%0CR%00%ED%B6%EA%84a%FA%23 |
37 |
+--- |
38 |
+ lib/smime/cmsmessage.c | 69 ++++++++++++++++++++++++++++++++++++------ |
39 |
+ 1 file changed, 59 insertions(+), 10 deletions(-) |
40 |
+ |
41 |
+diff --git a/lib/smime/cmsmessage.c b/lib/smime/cmsmessage.c |
42 |
+index 27d1256ec..f41a432b1 100644 |
43 |
+--- a/lib/smime/cmsmessage.c |
44 |
++++ b/lib/smime/cmsmessage.c |
45 |
+@@ -29,8 +29,9 @@ NSS_CMSMessage_Create(PLArenaPool *poolp) |
46 |
+ |
47 |
+ if (poolp == NULL) { |
48 |
+ poolp = PORT_NewArena(1024); /* XXX what is right value? */ |
49 |
+- if (poolp == NULL) |
50 |
++ if (poolp == NULL) { |
51 |
+ return NULL; |
52 |
++ } |
53 |
+ poolp_is_ours = PR_TRUE; |
54 |
+ } |
55 |
+ |
56 |
+@@ -44,8 +45,9 @@ NSS_CMSMessage_Create(PLArenaPool *poolp) |
57 |
+ if (mark) { |
58 |
+ PORT_ArenaRelease(poolp, mark); |
59 |
+ } |
60 |
+- } else |
61 |
++ } else { |
62 |
+ PORT_FreeArena(poolp, PR_FALSE); |
63 |
++ } |
64 |
+ return NULL; |
65 |
+ } |
66 |
+ |
67 |
+@@ -53,8 +55,9 @@ NSS_CMSMessage_Create(PLArenaPool *poolp) |
68 |
+ cmsg->poolp_is_ours = poolp_is_ours; |
69 |
+ cmsg->refCount = 1; |
70 |
+ |
71 |
+- if (mark) |
72 |
++ if (mark) { |
73 |
+ PORT_ArenaUnmark(poolp, mark); |
74 |
++ } |
75 |
+ |
76 |
+ return cmsg; |
77 |
+ } |
78 |
+@@ -73,8 +76,13 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, |
79 |
+ NSSCMSGetDecryptKeyCallback decrypt_key_cb, void *decrypt_key_cb_arg, |
80 |
+ SECAlgorithmID **detached_digestalgs, SECItem **detached_digests) |
81 |
+ { |
82 |
+- if (pwfn) |
83 |
++ if (cmsg == NULL) { |
84 |
++ return; |
85 |
++ } |
86 |
++ if (pwfn) { |
87 |
+ PK11_SetPasswordFunc(pwfn); |
88 |
++ } |
89 |
++ |
90 |
+ cmsg->pwfn_arg = pwfn_arg; |
91 |
+ cmsg->decrypt_key_cb = decrypt_key_cb; |
92 |
+ cmsg->decrypt_key_cb_arg = decrypt_key_cb_arg; |
93 |
+@@ -89,18 +97,21 @@ void |
94 |
+ NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg) |
95 |
+ { |
96 |
+ PORT_Assert(cmsg->refCount > 0); |
97 |
+- if (cmsg->refCount <= 0) /* oops */ |
98 |
++ if (cmsg->refCount <= 0) { /* oops */ |
99 |
+ return; |
100 |
++ } |
101 |
+ |
102 |
+ cmsg->refCount--; /* thread safety? */ |
103 |
+- if (cmsg->refCount > 0) |
104 |
++ if (cmsg->refCount > 0) { |
105 |
+ return; |
106 |
++ } |
107 |
+ |
108 |
+ NSS_CMSContentInfo_Destroy(&(cmsg->contentInfo)); |
109 |
+ |
110 |
+ /* if poolp is not NULL, cmsg is the owner of its arena */ |
111 |
+- if (cmsg->poolp_is_ours) |
112 |
++ if (cmsg->poolp_is_ours) { |
113 |
+ PORT_FreeArena(cmsg->poolp, PR_FALSE); /* XXX clear it? */ |
114 |
++ } |
115 |
+ } |
116 |
+ |
117 |
+ /* |
118 |
+@@ -112,8 +123,9 @@ NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg) |
119 |
+ NSSCMSMessage * |
120 |
+ NSS_CMSMessage_Copy(NSSCMSMessage *cmsg) |
121 |
+ { |
122 |
+- if (cmsg == NULL) |
123 |
++ if (cmsg == NULL) { |
124 |
+ return NULL; |
125 |
++ } |
126 |
+ |
127 |
+ PORT_Assert(cmsg->refCount > 0); |
128 |
+ |
129 |
+@@ -127,6 +139,10 @@ NSS_CMSMessage_Copy(NSSCMSMessage *cmsg) |
130 |
+ PLArenaPool * |
131 |
+ NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg) |
132 |
+ { |
133 |
++ if (cmsg == NULL) { |
134 |
++ return NULL; |
135 |
++ } |
136 |
++ |
137 |
+ return cmsg->poolp; |
138 |
+ } |
139 |
+ |
140 |
+@@ -136,6 +152,10 @@ NSS_CMSMessage_GetArena(NSSCMSMessage *cmsg) |
141 |
+ NSSCMSContentInfo * |
142 |
+ NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg) |
143 |
+ { |
144 |
++ if (cmsg == NULL) { |
145 |
++ return NULL; |
146 |
++ } |
147 |
++ |
148 |
+ return &(cmsg->contentInfo); |
149 |
+ } |
150 |
+ |
151 |
+@@ -147,6 +167,10 @@ NSS_CMSMessage_GetContentInfo(NSSCMSMessage *cmsg) |
152 |
+ SECItem * |
153 |
+ NSS_CMSMessage_GetContent(NSSCMSMessage *cmsg) |
154 |
+ { |
155 |
++ if (cmsg == NULL) { |
156 |
++ return NULL; |
157 |
++ } |
158 |
++ |
159 |
+ /* this is a shortcut */ |
160 |
+ NSSCMSContentInfo *cinfo = NSS_CMSMessage_GetContentInfo(cmsg); |
161 |
+ SECItem *pItem = NSS_CMSContentInfo_GetInnerContent(cinfo); |
162 |
+@@ -164,6 +188,10 @@ NSS_CMSMessage_ContentLevelCount(NSSCMSMessage *cmsg) |
163 |
+ int count = 0; |
164 |
+ NSSCMSContentInfo *cinfo; |
165 |
+ |
166 |
++ if (cmsg == NULL) { |
167 |
++ return 0; |
168 |
++ } |
169 |
++ |
170 |
+ /* walk down the chain of contentinfos */ |
171 |
+ for (cinfo = &(cmsg->contentInfo); cinfo != NULL;) { |
172 |
+ count++; |
173 |
+@@ -183,6 +211,10 @@ NSS_CMSMessage_ContentLevel(NSSCMSMessage *cmsg, int n) |
174 |
+ int count = 0; |
175 |
+ NSSCMSContentInfo *cinfo; |
176 |
+ |
177 |
++ if (cmsg == NULL) { |
178 |
++ return NULL; |
179 |
++ } |
180 |
++ |
181 |
+ /* walk down the chain of contentinfos */ |
182 |
+ for (cinfo = &(cmsg->contentInfo); cinfo != NULL && count < n; |
183 |
+ cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { |
184 |
+@@ -200,6 +232,10 @@ NSS_CMSMessage_ContainsCertsOrCrls(NSSCMSMessage *cmsg) |
185 |
+ { |
186 |
+ NSSCMSContentInfo *cinfo; |
187 |
+ |
188 |
++ if (cmsg == NULL) { |
189 |
++ return PR_FALSE; |
190 |
++ } |
191 |
++ |
192 |
+ /* descend into CMS message */ |
193 |
+ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; |
194 |
+ cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { |
195 |
+@@ -221,6 +257,10 @@ NSS_CMSMessage_IsEncrypted(NSSCMSMessage *cmsg) |
196 |
+ { |
197 |
+ NSSCMSContentInfo *cinfo; |
198 |
+ |
199 |
++ if (cmsg == NULL) { |
200 |
++ return PR_FALSE; |
201 |
++ } |
202 |
++ |
203 |
+ /* walk down the chain of contentinfos */ |
204 |
+ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; |
205 |
+ cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { |
206 |
+@@ -251,13 +291,21 @@ NSS_CMSMessage_IsSigned(NSSCMSMessage *cmsg) |
207 |
+ { |
208 |
+ NSSCMSContentInfo *cinfo; |
209 |
+ |
210 |
++ if (cmsg == NULL) { |
211 |
++ return PR_FALSE; |
212 |
++ } |
213 |
++ |
214 |
+ /* walk down the chain of contentinfos */ |
215 |
+ for (cinfo = &(cmsg->contentInfo); cinfo != NULL; |
216 |
+ cinfo = NSS_CMSContentInfo_GetChildContentInfo(cinfo)) { |
217 |
+ switch (NSS_CMSContentInfo_GetContentTypeTag(cinfo)) { |
218 |
+ case SEC_OID_PKCS7_SIGNED_DATA: |
219 |
+- if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos)) |
220 |
++ if (cinfo->content.signedData == NULL) { |
221 |
++ return PR_FALSE; |
222 |
++ } |
223 |
++ if (!NSS_CMSArray_IsEmpty((void **)cinfo->content.signedData->signerInfos)) { |
224 |
+ return PR_TRUE; |
225 |
++ } |
226 |
+ break; |
227 |
+ default: |
228 |
+ /* callback here for generic wrappers? */ |
229 |
+@@ -278,8 +326,9 @@ NSS_CMSMessage_IsContentEmpty(NSSCMSMessage *cmsg, unsigned int minLen) |
230 |
+ { |
231 |
+ SECItem *item = NULL; |
232 |
+ |
233 |
+- if (cmsg == NULL) |
234 |
++ if (cmsg == NULL) { |
235 |
+ return PR_TRUE; |
236 |
++ } |
237 |
+ |
238 |
+ item = NSS_CMSContentInfo_GetContent(NSS_CMSMessage_GetContentInfo(cmsg)); |
239 |
+ |
240 |
+From fa26771e9515cc82c941fcef689dd797a3e308c3 Mon Sep 17 00:00:00 2001 |
241 |
+From: "J.C. Jones" <jjones@×××××××.com> |
242 |
+Date: Fri, 11 Jan 2019 22:33:16 -0700 |
243 |
+Subject: [PATCH] Bug 1507174 - Add additional null checks to other CMS |
244 |
+ functions r=mt |
245 |
+ |
246 |
+Differential review: https://phabricator.services.mozilla.com//D16383 |
247 |
+ |
248 |
+--HG-- |
249 |
+branch : NSS_3_36_BRANCH |
250 |
+extra : transplant_source : %B5%A8su%96%5B%BE%F9%CD%93%E0%EE%93a4c%1BYp%09 |
251 |
+--- |
252 |
+ lib/smime/cmscinfo.c | 92 ++++++++++++++++++++++++++++++++++++------ |
253 |
+ lib/smime/cmsdigdata.c | 4 +- |
254 |
+ lib/smime/cmsencdata.c | 4 +- |
255 |
+ lib/smime/cmsenvdata.c | 5 +++ |
256 |
+ lib/smime/cmsmessage.c | 3 ++ |
257 |
+ lib/smime/cmsudf.c | 2 +- |
258 |
+ 6 files changed, 95 insertions(+), 15 deletions(-) |
259 |
+ |
260 |
+diff --git a/lib/smime/cmscinfo.c b/lib/smime/cmscinfo.c |
261 |
+index 08db662f8..453ccaada 100644 |
262 |
+--- a/lib/smime/cmscinfo.c |
263 |
++++ b/lib/smime/cmscinfo.c |
264 |
+@@ -51,6 +51,10 @@ NSS_CMSContentInfo_Destroy(NSSCMSContentInfo *cinfo) |
265 |
+ { |
266 |
+ SECOidTag kind; |
267 |
+ |
268 |
++ if (cinfo == NULL) { |
269 |
++ return; |
270 |
++ } |
271 |
++ |
272 |
+ kind = NSS_CMSContentInfo_GetContentTypeTag(cinfo); |
273 |
+ switch (kind) { |
274 |
+ case SEC_OID_PKCS7_ENVELOPED_DATA: |
275 |
+@@ -86,6 +90,11 @@ NSSCMSContentInfo * |
276 |
+ NSS_CMSContentInfo_GetChildContentInfo(NSSCMSContentInfo *cinfo) |
277 |
+ { |
278 |
+ NSSCMSContentInfo *ccinfo = NULL; |
279 |
++ |
280 |
++ if (cinfo == NULL) { |
281 |
++ return NULL; |
282 |
++ } |
283 |
++ |
284 |
+ SECOidTag tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); |
285 |
+ switch (tag) { |
286 |
+ case SEC_OID_PKCS7_SIGNED_DATA: |
287 |
+@@ -127,6 +136,9 @@ SECStatus |
288 |
+ NSS_CMSContentInfo_SetDontStream(NSSCMSContentInfo *cinfo, PRBool dontStream) |
289 |
+ { |
290 |
+ SECStatus rv; |
291 |
++ if (cinfo == NULL) { |
292 |
++ return SECFailure; |
293 |
++ } |
294 |
+ |
295 |
+ rv = NSS_CMSContentInfo_Private_Init(cinfo); |
296 |
+ if (rv != SECSuccess) { |
297 |
+@@ -145,15 +157,20 @@ NSS_CMSContentInfo_SetContent(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, |
298 |
+ SECOidTag type, void *ptr) |
299 |
+ { |
300 |
+ SECStatus rv; |
301 |
++ if (cinfo == NULL || cmsg == NULL) { |
302 |
++ return SECFailure; |
303 |
++ } |
304 |
+ |
305 |
+ cinfo->contentTypeTag = SECOID_FindOIDByTag(type); |
306 |
+- if (cinfo->contentTypeTag == NULL) |
307 |
++ if (cinfo->contentTypeTag == NULL) { |
308 |
+ return SECFailure; |
309 |
++ } |
310 |
+ |
311 |
+ /* do not copy the oid, just create a reference */ |
312 |
+ rv = SECITEM_CopyItem(cmsg->poolp, &(cinfo->contentType), &(cinfo->contentTypeTag->oid)); |
313 |
+- if (rv != SECSuccess) |
314 |
++ if (rv != SECSuccess) { |
315 |
+ return SECFailure; |
316 |
++ } |
317 |
+ |
318 |
+ cinfo->content.pointer = ptr; |
319 |
+ |
320 |
+@@ -185,8 +202,9 @@ SECStatus |
321 |
+ NSS_CMSContentInfo_SetContent_Data(NSSCMSMessage *cmsg, NSSCMSContentInfo *cinfo, |
322 |
+ SECItem *data, PRBool detached) |
323 |
+ { |
324 |
+- if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess) |
325 |
++ if (NSS_CMSContentInfo_SetContent(cmsg, cinfo, SEC_OID_PKCS7_DATA, (void *)data) != SECSuccess) { |
326 |
+ return SECFailure; |
327 |
++ } |
328 |
+ if (detached) { |
329 |
+ cinfo->rawContent = NULL; |
330 |
+ } |
331 |
+@@ -230,6 +248,10 @@ NSS_CMSContentInfo_SetContent_EncryptedData(NSSCMSMessage *cmsg, NSSCMSContentIn |
332 |
+ void * |
333 |
+ NSS_CMSContentInfo_GetContent(NSSCMSContentInfo *cinfo) |
334 |
+ { |
335 |
++ if (cinfo == NULL) { |
336 |
++ return NULL; |
337 |
++ } |
338 |
++ |
339 |
+ SECOidTag tag = cinfo->contentTypeTag |
340 |
+ ? cinfo->contentTypeTag->offset |
341 |
+ : SEC_OID_UNKNOWN; |
342 |
+@@ -260,6 +282,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo) |
343 |
+ SECOidTag tag; |
344 |
+ SECItem *pItem = NULL; |
345 |
+ |
346 |
++ if (cinfo == NULL) { |
347 |
++ return NULL; |
348 |
++ } |
349 |
++ |
350 |
+ tag = NSS_CMSContentInfo_GetContentTypeTag(cinfo); |
351 |
+ if (NSS_CMSType_IsData(tag)) { |
352 |
+ pItem = cinfo->content.data; |
353 |
+@@ -282,6 +308,10 @@ NSS_CMSContentInfo_GetInnerContent(NSSCMSContentInfo *cinfo) |
354 |
+ SECOidTag |
355 |
+ NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) |
356 |
+ { |
357 |
++ if (cinfo == NULL) { |
358 |
++ return SEC_OID_UNKNOWN; |
359 |
++ } |
360 |
++ |
361 |
+ if (cinfo->contentTypeTag == NULL) |
362 |
+ cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); |
363 |
+ |
364 |
+@@ -294,11 +324,17 @@ NSS_CMSContentInfo_GetContentTypeTag(NSSCMSContentInfo *cinfo) |
365 |
+ SECItem * |
366 |
+ NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo) |
367 |
+ { |
368 |
+- if (cinfo->contentTypeTag == NULL) |
369 |
++ if (cinfo == NULL) { |
370 |
++ return NULL; |
371 |
++ } |
372 |
++ |
373 |
++ if (cinfo->contentTypeTag == NULL) { |
374 |
+ cinfo->contentTypeTag = SECOID_FindOID(&(cinfo->contentType)); |
375 |
++ } |
376 |
+ |
377 |
+- if (cinfo->contentTypeTag == NULL) |
378 |
++ if (cinfo->contentTypeTag == NULL) { |
379 |
+ return NULL; |
380 |
++ } |
381 |
+ |
382 |
+ return &(cinfo->contentTypeTag->oid); |
383 |
+ } |
384 |
+@@ -310,8 +346,13 @@ NSS_CMSContentInfo_GetContentTypeOID(NSSCMSContentInfo *cinfo) |
385 |
+ SECOidTag |
386 |
+ NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo) |
387 |
+ { |
388 |
+- if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN) |
389 |
++ if (cinfo == NULL) { |
390 |
++ return SEC_OID_UNKNOWN; |
391 |
++ } |
392 |
++ |
393 |
++ if (cinfo->contentEncAlgTag == SEC_OID_UNKNOWN) { |
394 |
+ cinfo->contentEncAlgTag = SECOID_GetAlgorithmTag(&(cinfo->contentEncAlg)); |
395 |
++ } |
396 |
+ |
397 |
+ return cinfo->contentEncAlgTag; |
398 |
+ } |
399 |
+@@ -322,6 +363,10 @@ NSS_CMSContentInfo_GetContentEncAlgTag(NSSCMSContentInfo *cinfo) |
400 |
+ SECAlgorithmID * |
401 |
+ NSS_CMSContentInfo_GetContentEncAlg(NSSCMSContentInfo *cinfo) |
402 |
+ { |
403 |
++ if (cinfo == NULL) { |
404 |
++ return NULL; |
405 |
++ } |
406 |
++ |
407 |
+ return &(cinfo->contentEncAlg); |
408 |
+ } |
409 |
+ |
410 |
+@@ -330,10 +375,14 @@ NSS_CMSContentInfo_SetContentEncAlg(PLArenaPool *poolp, NSSCMSContentInfo *cinfo |
411 |
+ SECOidTag bulkalgtag, SECItem *parameters, int keysize) |
412 |
+ { |
413 |
+ SECStatus rv; |
414 |
++ if (cinfo == NULL) { |
415 |
++ return SECFailure; |
416 |
++ } |
417 |
+ |
418 |
+ rv = SECOID_SetAlgorithmID(poolp, &(cinfo->contentEncAlg), bulkalgtag, parameters); |
419 |
+- if (rv != SECSuccess) |
420 |
++ if (rv != SECSuccess) { |
421 |
+ return SECFailure; |
422 |
++ } |
423 |
+ cinfo->keysize = keysize; |
424 |
+ return SECSuccess; |
425 |
+ } |
426 |
+@@ -343,27 +392,42 @@ NSS_CMSContentInfo_SetContentEncAlgID(PLArenaPool *poolp, NSSCMSContentInfo *cin |
427 |
+ SECAlgorithmID *algid, int keysize) |
428 |
+ { |
429 |
+ SECStatus rv; |
430 |
++ if (cinfo == NULL) { |
431 |
++ return SECFailure; |
432 |
++ } |
433 |
+ |
434 |
+ rv = SECOID_CopyAlgorithmID(poolp, &(cinfo->contentEncAlg), algid); |
435 |
+- if (rv != SECSuccess) |
436 |
++ if (rv != SECSuccess) { |
437 |
+ return SECFailure; |
438 |
+- if (keysize >= 0) |
439 |
++ } |
440 |
++ if (keysize >= 0) { |
441 |
+ cinfo->keysize = keysize; |
442 |
++ } |
443 |
+ return SECSuccess; |
444 |
+ } |
445 |
+ |
446 |
+ void |
447 |
+ NSS_CMSContentInfo_SetBulkKey(NSSCMSContentInfo *cinfo, PK11SymKey *bulkkey) |
448 |
+ { |
449 |
+- cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); |
450 |
+- cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); |
451 |
++ if (cinfo == NULL) { |
452 |
++ return; |
453 |
++ } |
454 |
++ |
455 |
++ if (bulkkey == NULL) { |
456 |
++ cinfo->bulkkey = NULL; |
457 |
++ cinfo->keysize = 0; |
458 |
++ } else { |
459 |
++ cinfo->bulkkey = PK11_ReferenceSymKey(bulkkey); |
460 |
++ cinfo->keysize = PK11_GetKeyStrength(cinfo->bulkkey, &(cinfo->contentEncAlg)); |
461 |
++ } |
462 |
+ } |
463 |
+ |
464 |
+ PK11SymKey * |
465 |
+ NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) |
466 |
+ { |
467 |
+- if (cinfo->bulkkey == NULL) |
468 |
++ if (cinfo == NULL || cinfo->bulkkey == NULL) { |
469 |
+ return NULL; |
470 |
++ } |
471 |
+ |
472 |
+ return PK11_ReferenceSymKey(cinfo->bulkkey); |
473 |
+ } |
474 |
+@@ -371,5 +435,9 @@ NSS_CMSContentInfo_GetBulkKey(NSSCMSContentInfo *cinfo) |
475 |
+ int |
476 |
+ NSS_CMSContentInfo_GetBulkKeySize(NSSCMSContentInfo *cinfo) |
477 |
+ { |
478 |
++ if (cinfo == NULL) { |
479 |
++ return 0; |
480 |
++ } |
481 |
++ |
482 |
+ return cinfo->keysize; |
483 |
+ } |
484 |
+diff --git a/lib/smime/cmsdigdata.c b/lib/smime/cmsdigdata.c |
485 |
+index 9ea22702e..a249686bb 100644 |
486 |
+--- a/lib/smime/cmsdigdata.c |
487 |
++++ b/lib/smime/cmsdigdata.c |
488 |
+@@ -56,7 +56,9 @@ void |
489 |
+ NSS_CMSDigestedData_Destroy(NSSCMSDigestedData *digd) |
490 |
+ { |
491 |
+ /* everything's in a pool, so don't worry about the storage */ |
492 |
+- NSS_CMSContentInfo_Destroy(&(digd->contentInfo)); |
493 |
++ if (digd != NULL) { |
494 |
++ NSS_CMSContentInfo_Destroy(&(digd->contentInfo)); |
495 |
++ } |
496 |
+ return; |
497 |
+ } |
498 |
+ |
499 |
+diff --git a/lib/smime/cmsencdata.c b/lib/smime/cmsencdata.c |
500 |
+index c3a4549ad..8b520b439 100644 |
501 |
+--- a/lib/smime/cmsencdata.c |
502 |
++++ b/lib/smime/cmsencdata.c |
503 |
+@@ -87,7 +87,9 @@ void |
504 |
+ NSS_CMSEncryptedData_Destroy(NSSCMSEncryptedData *encd) |
505 |
+ { |
506 |
+ /* everything's in a pool, so don't worry about the storage */ |
507 |
+- NSS_CMSContentInfo_Destroy(&(encd->contentInfo)); |
508 |
++ if (encd != NULL) { |
509 |
++ NSS_CMSContentInfo_Destroy(&(encd->contentInfo)); |
510 |
++ } |
511 |
+ return; |
512 |
+ } |
513 |
+ |
514 |
+diff --git a/lib/smime/cmsenvdata.c b/lib/smime/cmsenvdata.c |
515 |
+index f2c8e171d..9bc77be8b 100644 |
516 |
+--- a/lib/smime/cmsenvdata.c |
517 |
++++ b/lib/smime/cmsenvdata.c |
518 |
+@@ -144,6 +144,11 @@ NSS_CMSEnvelopedData_Encode_BeforeStart(NSSCMSEnvelopedData *envd) |
519 |
+ poolp = envd->cmsg->poolp; |
520 |
+ cinfo = &(envd->contentInfo); |
521 |
+ |
522 |
++ if (cinfo == NULL) { |
523 |
++ PORT_SetError(SEC_ERROR_BAD_DATA); |
524 |
++ goto loser; |
525 |
++ } |
526 |
++ |
527 |
+ recipientinfos = envd->recipientInfos; |
528 |
+ if (recipientinfos == NULL) { |
529 |
+ PORT_SetError(SEC_ERROR_BAD_DATA); |
530 |
+diff --git a/lib/smime/cmsmessage.c b/lib/smime/cmsmessage.c |
531 |
+index f41a432b1..366b71aba 100644 |
532 |
+--- a/lib/smime/cmsmessage.c |
533 |
++++ b/lib/smime/cmsmessage.c |
534 |
+@@ -96,6 +96,9 @@ NSS_CMSMessage_SetEncodingParams(NSSCMSMessage *cmsg, |
535 |
+ void |
536 |
+ NSS_CMSMessage_Destroy(NSSCMSMessage *cmsg) |
537 |
+ { |
538 |
++ if (cmsg == NULL) |
539 |
++ return; |
540 |
++ |
541 |
+ PORT_Assert(cmsg->refCount > 0); |
542 |
+ if (cmsg->refCount <= 0) { /* oops */ |
543 |
+ return; |
544 |
+diff --git a/lib/smime/cmsudf.c b/lib/smime/cmsudf.c |
545 |
+index 3ef4268d4..5c8a81e6d 100644 |
546 |
+--- a/lib/smime/cmsudf.c |
547 |
++++ b/lib/smime/cmsudf.c |
548 |
+@@ -239,7 +239,7 @@ NSS_CMSGenericWrapperData_Destroy(SECOidTag type, NSSCMSGenericWrapperData *gd) |
549 |
+ { |
550 |
+ const nsscmstypeInfo *typeInfo = nss_cmstype_lookup(type); |
551 |
+ |
552 |
+- if (typeInfo && typeInfo->destroy) { |
553 |
++ if (typeInfo && (typeInfo->destroy) && (gd != NULL)) { |
554 |
+ (*typeInfo->destroy)(gd); |
555 |
+ } |
556 |
+ } |
557 |
|
558 |
diff --git a/dev-libs/nss/nss-3.41.ebuild b/dev-libs/nss/nss-3.40.1-r1.ebuild |
559 |
similarity index 98% |
560 |
copy from dev-libs/nss/nss-3.41.ebuild |
561 |
copy to dev-libs/nss/nss-3.40.1-r1.ebuild |
562 |
index 9ce8edd6659..907e54788a6 100644 |
563 |
--- a/dev-libs/nss/nss-3.41.ebuild |
564 |
+++ b/dev-libs/nss/nss-3.40.1-r1.ebuild |
565 |
@@ -1,4 +1,4 @@ |
566 |
-# Copyright 1999-2018 Gentoo Authors |
567 |
+# Copyright 1999-2019 Gentoo Authors |
568 |
# Distributed under the terms of the GNU General Public License v2 |
569 |
|
570 |
EAPI=7 |
571 |
@@ -43,6 +43,8 @@ PATCHES=( |
572 |
"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch" |
573 |
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
574 |
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
575 |
+ # fix for bugs ported forward from 3.36.7 |
576 |
+ "${FILESDIR}/${PN}-3.36.7-fix-cms.patch" |
577 |
) |
578 |
|
579 |
src_unpack() { |
580 |
|
581 |
diff --git a/dev-libs/nss/nss-3.41.ebuild b/dev-libs/nss/nss-3.41-r1.ebuild |
582 |
similarity index 98% |
583 |
rename from dev-libs/nss/nss-3.41.ebuild |
584 |
rename to dev-libs/nss/nss-3.41-r1.ebuild |
585 |
index 9ce8edd6659..907e54788a6 100644 |
586 |
--- a/dev-libs/nss/nss-3.41.ebuild |
587 |
+++ b/dev-libs/nss/nss-3.41-r1.ebuild |
588 |
@@ -1,4 +1,4 @@ |
589 |
-# Copyright 1999-2018 Gentoo Authors |
590 |
+# Copyright 1999-2019 Gentoo Authors |
591 |
# Distributed under the terms of the GNU General Public License v2 |
592 |
|
593 |
EAPI=7 |
594 |
@@ -43,6 +43,8 @@ PATCHES=( |
595 |
"${FILESDIR}/${PN}-3.32-gentoo-fixups.patch" |
596 |
"${FILESDIR}/${PN}-3.21-gentoo-fixup-warnings.patch" |
597 |
"${FILESDIR}/${PN}-3.23-hppa-byte_order.patch" |
598 |
+ # fix for bugs ported forward from 3.36.7 |
599 |
+ "${FILESDIR}/${PN}-3.36.7-fix-cms.patch" |
600 |
) |
601 |
|
602 |
src_unpack() { |