mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=157927 Fix memory leaks in nsNSSCertificate.cpp, fix some compiler warnings, do some cleanup. 

r=javi sr=jag
This commit is contained in:
kaie%netscape.com 2002-08-23 10:40:27 +00:00
Родитель b366f360b3
Коммит 4b9a8a51c9
7 изменённых файлов: 77 добавлений и 72 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

3
security/manager/ssl/src/nsCMS.cpp
Просмотреть файл

@ -340,7 +340,8 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
CERTCertificate **recipientCerts;
PLArenaPool *tmpPoolp = nsnull;
SECOidTag bulkAlgTag;
int keySize, i;
int keySize;
PRUint32 i;
nsNSSCertificate *nssRecipientCert;
nsresult rv = NS_ERROR_FAILURE;

3
security/manager/ssl/src/nsCertTree.cpp
Просмотреть файл

@ -461,7 +461,8 @@ nsCertTree::RemoveCert(PRUint32 index)
return NS_ERROR_FAILURE;
}
int i, idx = 0, cIndex = 0, nc;
int i;
PRUint32 idx = 0, cIndex = 0, nc;
// Loop over the threads
for (i=0; i<mNumOrgs; i++) {
if (index == idx)

10
security/manager/ssl/src/nsKeygenHandler.cpp
Просмотреть файл

@ -101,8 +101,6 @@ static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID);
static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
static const char *mozKeyGen = "-mozilla-keygen";
static PQGParams *
decode_pqg_params(char *aStr)
{
@ -611,20 +609,14 @@ NS_METHOD nsKeygenFormProcessor::ProvideContent(const nsString& aFormType,
nsVoidArray& aContent,
nsString& aAttribute)
{
nsString selectKey;
SECKeySizeChoiceInfo *choice = SECKeySizeChoiceList;
selectKey.Assign(NS_LITERAL_STRING("SELECT"));
if (Compare(aFormType, NS_LITERAL_STRING("SELECT"),
nsCaseInsensitiveStringComparator()) == 0) {
for (SECKeySizeChoiceInfo* choice = SECKeySizeChoiceList; choice && choice->name; ++choice) {
nsString *str = new nsString(choice->name);
aContent.AppendElement(str);
}
aAttribute.AssignWithConversion(mozKeyGen);
aAttribute.Assign(NS_LITERAL_STRING("-mozilla-keygen"));
}
return NS_OK;
}

109
security/manager/ssl/src/nsNSSCallbacks.cpp
Просмотреть файл

@ -196,70 +196,71 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
nsresult rv;
PRInt32 encryptBits;
if (SECSuccess == SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
&encryptBits, &signer, nsnull))
{
PRInt32 secStatus;
if (sslStatus == SSL_SECURITY_STATUS_OFF)
secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
else if (encryptBits >= 90)
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
nsIWebProgressListener::STATE_SECURE_HIGH);
else
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
nsIWebProgressListener::STATE_SECURE_LOW);
if (SECSuccess != SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
&encryptBits, &signer, nsnull)) {
return;
}
CERTCertificate *peerCert = SSL_PeerCertificate(fd);
char* caName = CERT_GetOrgName(&peerCert->issuer);
CERT_DestroyCertificate(peerCert);
if (!caName) {
caName = signer;
}
PRInt32 secStatus;
if (sslStatus == SSL_SECURITY_STATUS_OFF)
secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
else if (encryptBits >= 90)
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
nsIWebProgressListener::STATE_SECURE_HIGH);
else
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
nsIWebProgressListener::STATE_SECURE_LOW);
// If the CA name is RSA Data Security, then change the name to the real
// name of the company i.e. VeriSign, Inc.
if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
// In this case, caName != signer since the logic implies signer
// would be at minimal "O=RSA Data Security, Inc" because caName
// is what comes after to O=. So we're OK just freeing this memory
// without checking to see if it's equal to signer;
NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
PR_Free(caName);
caName = PL_strdup("Verisign, Inc.");
}
CERTCertificate *peerCert = SSL_PeerCertificate(fd);
char* caName = CERT_GetOrgName(&peerCert->issuer);
CERT_DestroyCertificate(peerCert);
if (!caName) {
caName = signer;
}
nsXPIDLString shortDesc;
const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv))
return;
// If the CA name is RSA Data Security, then change the name to the real
// name of the company i.e. VeriSign, Inc.
if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
// In this case, caName != signer since the logic implies signer
// would be at minimal "O=RSA Data Security, Inc" because caName
// is what comes after to O=. So we're OK just freeing this memory
// without checking to see if it's equal to signer;
NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
PR_Free(caName);
caName = PL_strdup("Verisign, Inc.");
}
rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("SignedBy").get(),
formatStrings, 1,
getter_Copies(shortDesc));
nsXPIDLString shortDesc;
const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_SUCCEEDED(rv)) {
rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("SignedBy").get(),
formatStrings, 1,
getter_Copies(shortDesc));
nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
infoObject->SetSecurityState(secStatus);
infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
/* Set the SSL Status information */
nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
infoObject->SetSecurityState(secStatus);
infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
if (serverCert) status->mServerCert = new nsNSSCertificate(serverCert);
/* Set the SSL Status information */
nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
status->mKeyLength = keyLength;
status->mSecretKeyLength = encryptBits;
status->mCipherName.Adopt(cipherName);
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
if (serverCert) status->mServerCert = new nsNSSCertificate(serverCert);
infoObject->SetSSLStatus(status);
status->mKeyLength = keyLength;
status->mSecretKeyLength = encryptBits;
status->mCipherName.Adopt(cipherName);
if (caName != signer)
PR_Free(caName);
PR_Free(signer);
}
infoObject->SetSSLStatus(status);
}
if (caName != signer) {
PR_Free(caName);
}
PR_Free(signer);
}
SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,

2
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -628,7 +628,7 @@ nsresult nsNSSComponent::getParamsForNextCrlToDownload(nsAutoString *url, PRTime
return NS_ERROR_FAILURE;
}
for(PRInt32 i=0;i<noOfCrls;i++) {
for(PRUint32 i=0;i<noOfCrls;i++) {
PRBool autoUpdateEnabled;
nsAutoString tempCrlKey;

16
security/manager/ssl/src/nsNSSIOLayer.cpp
Просмотреть файл

@ -1461,6 +1461,7 @@ static const SEC_ASN1Template cert_CertificateScopeOfUseTemplate[] = {
{ SEC_ASN1_SEQUENCE_OF, 0, cert_CertificateScopeEntryTemplate }
};
#if 0
/*
* decodes the extension data and create CERTCertificateScopeEntry that can
* be consumed by the code
@ -1710,6 +1711,7 @@ done:
}
return rv;
}
#endif
/*
* Function: SSMStatus SSM_SetUserCertChoice()
@ -1966,9 +1968,17 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
}
/* Get CN and O of the subject and O of the issuer */
NS_ConvertUTF8toUCS2 cn(CERT_GetCommonName(&serverCert->subject));
NS_ConvertUTF8toUCS2 org(CERT_GetOrgName(&serverCert->subject));
NS_ConvertUTF8toUCS2 issuer(CERT_GetOrgName(&serverCert->issuer));
char *ccn = CERT_GetCommonName(&serverCert->subject);
NS_ConvertUTF8toUCS2 cn(ccn);
if (ccn) PORT_Free(ccn);
char *corg = CERT_GetOrgName(&serverCert->subject);
NS_ConvertUTF8toUCS2 org(corg);
if (corg) PORT_Free(corg);
char *cissuer = CERT_GetOrgName(&serverCert->issuer);
NS_ConvertUTF8toUCS2 issuer(cissuer);
if (cissuer) PORT_Free(cissuer);
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);

6
security/manager/ssl/src/nsPKCS12Blob.cpp
Просмотреть файл

@ -31,7 +31,7 @@
* may use your version of this file under either the MPL or the
* GPL.
*
* $Id: nsPKCS12Blob.cpp,v 1.27 2002/08/06 05:37:58 henry.jia%sun.com Exp $
* $Id: nsPKCS12Blob.cpp,v 1.28 2002/08/23 10:40:27 kaie%netscape.com Exp $
*/
#include "prmem.h"
@ -597,7 +597,7 @@ nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
if (NS_FAILED(rv)) return nsnull;
int count = 1;
nsXPIDLCString nickname;
nsCString nickname;
nsString nickFromProp;
nssComponent->GetPIPNSSBundleString(
NS_LITERAL_STRING("P12DefaultNickname").get(),
@ -646,7 +646,7 @@ nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
return nsnull;
newNick->type = siAsciiString;
newNick->data = (unsigned char*) nsCRT::strdup(nickname);
newNick->data = (unsigned char*) nsCRT::strdup(nickname.get());
newNick->len = strlen((char*)newNick->data);
return newNick;
}