зеркало из https://github.com/mozilla/gecko-dev.git
b=157927 Fix memory leaks in nsNSSCertificate.cpp, fix some compiler warnings, do some cleanup.
r=javi sr=jag
This commit is contained in:
Родитель
b366f360b3
Коммит
4b9a8a51c9
|
@ -340,7 +340,8 @@ NS_IMETHODIMP nsCMSMessage::CreateEncrypted(nsISupportsArray * aRecipientCerts)
|
|||
CERTCertificate **recipientCerts;
|
||||
PLArenaPool *tmpPoolp = nsnull;
|
||||
SECOidTag bulkAlgTag;
|
||||
int keySize, i;
|
||||
int keySize;
|
||||
PRUint32 i;
|
||||
nsNSSCertificate *nssRecipientCert;
|
||||
nsresult rv = NS_ERROR_FAILURE;
|
||||
|
||||
|
|
|
@ -461,7 +461,8 @@ nsCertTree::RemoveCert(PRUint32 index)
|
|||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
int i, idx = 0, cIndex = 0, nc;
|
||||
int i;
|
||||
PRUint32 idx = 0, cIndex = 0, nc;
|
||||
// Loop over the threads
|
||||
for (i=0; i<mNumOrgs; i++) {
|
||||
if (index == idx)
|
||||
|
|
|
@ -101,8 +101,6 @@ static NS_DEFINE_IID(kFormProcessorIID, NS_IFORMPROCESSOR_IID);
|
|||
static NS_DEFINE_IID(kIDOMHTMLSelectElementIID, NS_IDOMHTMLSELECTELEMENT_IID);
|
||||
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
|
||||
|
||||
static const char *mozKeyGen = "-mozilla-keygen";
|
||||
|
||||
static PQGParams *
|
||||
decode_pqg_params(char *aStr)
|
||||
{
|
||||
|
@ -611,20 +609,14 @@ NS_METHOD nsKeygenFormProcessor::ProvideContent(const nsString& aFormType,
|
|||
nsVoidArray& aContent,
|
||||
nsString& aAttribute)
|
||||
{
|
||||
nsString selectKey;
|
||||
SECKeySizeChoiceInfo *choice = SECKeySizeChoiceList;
|
||||
|
||||
selectKey.Assign(NS_LITERAL_STRING("SELECT"));
|
||||
if (Compare(aFormType, NS_LITERAL_STRING("SELECT"),
|
||||
nsCaseInsensitiveStringComparator()) == 0) {
|
||||
for (SECKeySizeChoiceInfo* choice = SECKeySizeChoiceList; choice && choice->name; ++choice) {
|
||||
nsString *str = new nsString(choice->name);
|
||||
aContent.AppendElement(str);
|
||||
}
|
||||
aAttribute.AssignWithConversion(mozKeyGen);
|
||||
aAttribute.Assign(NS_LITERAL_STRING("-mozilla-keygen"));
|
||||
}
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -196,70 +196,71 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||
nsresult rv;
|
||||
PRInt32 encryptBits;
|
||||
|
||||
if (SECSuccess == SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
|
||||
&encryptBits, &signer, nsnull))
|
||||
{
|
||||
PRInt32 secStatus;
|
||||
if (sslStatus == SSL_SECURITY_STATUS_OFF)
|
||||
secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
|
||||
else if (encryptBits >= 90)
|
||||
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
|
||||
nsIWebProgressListener::STATE_SECURE_HIGH);
|
||||
else
|
||||
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
|
||||
nsIWebProgressListener::STATE_SECURE_LOW);
|
||||
if (SECSuccess != SSL_SecurityStatus(fd, &sslStatus, &cipherName, &keyLength,
|
||||
&encryptBits, &signer, nsnull)) {
|
||||
return;
|
||||
}
|
||||
|
||||
CERTCertificate *peerCert = SSL_PeerCertificate(fd);
|
||||
char* caName = CERT_GetOrgName(&peerCert->issuer);
|
||||
CERT_DestroyCertificate(peerCert);
|
||||
if (!caName) {
|
||||
caName = signer;
|
||||
}
|
||||
PRInt32 secStatus;
|
||||
if (sslStatus == SSL_SECURITY_STATUS_OFF)
|
||||
secStatus = nsIWebProgressListener::STATE_IS_BROKEN;
|
||||
else if (encryptBits >= 90)
|
||||
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
|
||||
nsIWebProgressListener::STATE_SECURE_HIGH);
|
||||
else
|
||||
secStatus = (nsIWebProgressListener::STATE_IS_SECURE |
|
||||
nsIWebProgressListener::STATE_SECURE_LOW);
|
||||
|
||||
// If the CA name is RSA Data Security, then change the name to the real
|
||||
// name of the company i.e. VeriSign, Inc.
|
||||
if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
|
||||
// In this case, caName != signer since the logic implies signer
|
||||
// would be at minimal "O=RSA Data Security, Inc" because caName
|
||||
// is what comes after to O=. So we're OK just freeing this memory
|
||||
// without checking to see if it's equal to signer;
|
||||
NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
|
||||
PR_Free(caName);
|
||||
caName = PL_strdup("Verisign, Inc.");
|
||||
}
|
||||
CERTCertificate *peerCert = SSL_PeerCertificate(fd);
|
||||
char* caName = CERT_GetOrgName(&peerCert->issuer);
|
||||
CERT_DestroyCertificate(peerCert);
|
||||
if (!caName) {
|
||||
caName = signer;
|
||||
}
|
||||
|
||||
nsXPIDLString shortDesc;
|
||||
const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
|
||||
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
|
||||
if (NS_FAILED(rv))
|
||||
return;
|
||||
// If the CA name is RSA Data Security, then change the name to the real
|
||||
// name of the company i.e. VeriSign, Inc.
|
||||
if (nsCRT::strcmp((const char*)caName, "RSA Data Security, Inc.") == 0) {
|
||||
// In this case, caName != signer since the logic implies signer
|
||||
// would be at minimal "O=RSA Data Security, Inc" because caName
|
||||
// is what comes after to O=. So we're OK just freeing this memory
|
||||
// without checking to see if it's equal to signer;
|
||||
NS_ASSERTION(caName != signer, "caName was equal to caName when it shouldn't be");
|
||||
PR_Free(caName);
|
||||
caName = PL_strdup("Verisign, Inc.");
|
||||
}
|
||||
|
||||
rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("SignedBy").get(),
|
||||
formatStrings, 1,
|
||||
getter_Copies(shortDesc));
|
||||
nsXPIDLString shortDesc;
|
||||
const PRUnichar* formatStrings[1] = { ToNewUnicode(NS_ConvertUTF8toUCS2(caName)) };
|
||||
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
|
||||
if (NS_SUCCEEDED(rv)) {
|
||||
rv = nssComponent->PIPBundleFormatStringFromName(NS_LITERAL_STRING("SignedBy").get(),
|
||||
formatStrings, 1,
|
||||
getter_Copies(shortDesc));
|
||||
|
||||
nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
|
||||
|
||||
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
|
||||
infoObject->SetSecurityState(secStatus);
|
||||
infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
|
||||
nsMemory::Free(NS_CONST_CAST(PRUnichar*, formatStrings[0]));
|
||||
|
||||
/* Set the SSL Status information */
|
||||
nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
|
||||
nsNSSSocketInfo* infoObject = (nsNSSSocketInfo*) fd->higher->secret;
|
||||
infoObject->SetSecurityState(secStatus);
|
||||
infoObject->SetShortSecurityDescription((const PRUnichar*)shortDesc);
|
||||
|
||||
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
|
||||
if (serverCert) status->mServerCert = new nsNSSCertificate(serverCert);
|
||||
/* Set the SSL Status information */
|
||||
nsCOMPtr<nsSSLStatus> status = new nsSSLStatus();
|
||||
|
||||
status->mKeyLength = keyLength;
|
||||
status->mSecretKeyLength = encryptBits;
|
||||
status->mCipherName.Adopt(cipherName);
|
||||
CERTCertificate *serverCert = SSL_PeerCertificate(fd);
|
||||
if (serverCert) status->mServerCert = new nsNSSCertificate(serverCert);
|
||||
|
||||
infoObject->SetSSLStatus(status);
|
||||
status->mKeyLength = keyLength;
|
||||
status->mSecretKeyLength = encryptBits;
|
||||
status->mCipherName.Adopt(cipherName);
|
||||
|
||||
if (caName != signer)
|
||||
PR_Free(caName);
|
||||
PR_Free(signer);
|
||||
}
|
||||
infoObject->SetSSLStatus(status);
|
||||
}
|
||||
|
||||
if (caName != signer) {
|
||||
PR_Free(caName);
|
||||
}
|
||||
PR_Free(signer);
|
||||
}
|
||||
|
||||
SECStatus PR_CALLBACK AuthCertificateCallback(void* client_data, PRFileDesc* fd,
|
||||
|
|
|
@ -628,7 +628,7 @@ nsresult nsNSSComponent::getParamsForNextCrlToDownload(nsAutoString *url, PRTime
|
|||
return NS_ERROR_FAILURE;
|
||||
}
|
||||
|
||||
for(PRInt32 i=0;i<noOfCrls;i++) {
|
||||
for(PRUint32 i=0;i<noOfCrls;i++) {
|
||||
PRBool autoUpdateEnabled;
|
||||
nsAutoString tempCrlKey;
|
||||
|
||||
|
|
|
@ -1461,6 +1461,7 @@ static const SEC_ASN1Template cert_CertificateScopeOfUseTemplate[] = {
|
|||
{ SEC_ASN1_SEQUENCE_OF, 0, cert_CertificateScopeEntryTemplate }
|
||||
};
|
||||
|
||||
#if 0
|
||||
/*
|
||||
* decodes the extension data and create CERTCertificateScopeEntry that can
|
||||
* be consumed by the code
|
||||
|
@ -1710,6 +1711,7 @@ done:
|
|||
}
|
||||
return rv;
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Function: SSMStatus SSM_SetUserCertChoice()
|
||||
|
@ -1966,9 +1968,17 @@ SECStatus nsNSS_SSLGetClientAuthData(void* arg, PRFileDesc* socket,
|
|||
}
|
||||
|
||||
/* Get CN and O of the subject and O of the issuer */
|
||||
NS_ConvertUTF8toUCS2 cn(CERT_GetCommonName(&serverCert->subject));
|
||||
NS_ConvertUTF8toUCS2 org(CERT_GetOrgName(&serverCert->subject));
|
||||
NS_ConvertUTF8toUCS2 issuer(CERT_GetOrgName(&serverCert->issuer));
|
||||
char *ccn = CERT_GetCommonName(&serverCert->subject);
|
||||
NS_ConvertUTF8toUCS2 cn(ccn);
|
||||
if (ccn) PORT_Free(ccn);
|
||||
|
||||
char *corg = CERT_GetOrgName(&serverCert->subject);
|
||||
NS_ConvertUTF8toUCS2 org(corg);
|
||||
if (corg) PORT_Free(corg);
|
||||
|
||||
char *cissuer = CERT_GetOrgName(&serverCert->issuer);
|
||||
NS_ConvertUTF8toUCS2 issuer(cissuer);
|
||||
if (cissuer) PORT_Free(cissuer);
|
||||
|
||||
certNicknameList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
|
||||
certDetailsList = (PRUnichar **)nsMemory::Alloc(sizeof(PRUnichar *) * nicknames->numnicknames);
|
||||
|
|
|
@ -31,7 +31,7 @@
|
|||
* may use your version of this file under either the MPL or the
|
||||
* GPL.
|
||||
*
|
||||
* $Id: nsPKCS12Blob.cpp,v 1.27 2002/08/06 05:37:58 henry.jia%sun.com Exp $
|
||||
* $Id: nsPKCS12Blob.cpp,v 1.28 2002/08/23 10:40:27 kaie%netscape.com Exp $
|
||||
*/
|
||||
|
||||
#include "prmem.h"
|
||||
|
@ -597,7 +597,7 @@ nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
|
|||
nsCOMPtr<nsINSSComponent> nssComponent(do_GetService(kNSSComponentCID, &rv));
|
||||
if (NS_FAILED(rv)) return nsnull;
|
||||
int count = 1;
|
||||
nsXPIDLCString nickname;
|
||||
nsCString nickname;
|
||||
nsString nickFromProp;
|
||||
nssComponent->GetPIPNSSBundleString(
|
||||
NS_LITERAL_STRING("P12DefaultNickname").get(),
|
||||
|
@ -646,7 +646,7 @@ nsPKCS12Blob::nickname_collision(SECItem *oldNick, PRBool *cancel, void *wincx)
|
|||
return nsnull;
|
||||
|
||||
newNick->type = siAsciiString;
|
||||
newNick->data = (unsigned char*) nsCRT::strdup(nickname);
|
||||
newNick->data = (unsigned char*) nsCRT::strdup(nickname.get());
|
||||
newNick->len = strlen((char*)newNick->data);
|
||||
return newNick;
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче