fix bug 24907 again, require old password when changing password, r=dp

extensions/wallet/src/wallet.cpp

@@ -1314,7 +1314,7 @@ Wallet_KeySet() {
 PUBLIC PRBool
 Wallet_KeyTimedOut() {
   time_t curTime = time(NULL);
-  if (Wallet_KeySet() && (curTime > keyExpiresTime)) {
+  if (Wallet_KeySet() && (curTime >= keyExpiresTime)) {
     keySet = PR_FALSE;
     return PR_TRUE;
   }
@@ -1328,6 +1328,13 @@ Wallet_KeyResetTime() {
   }
 }
 
+PRIVATE void
+wallet_KeyTimeoutImmediately() {
+  if (Wallet_KeySet()) {
+    keyExpiresTime = time(NULL);
+  }
+}
+
 PUBLIC PRBool
 Wallet_CancelKey() {
   return keyCancel;
@@ -1410,11 +1417,6 @@ Wallet_KeySize() {
   }
 }
 
-PRIVATE void
-wallet_UnsetKey() {
-  keySet = PR_FALSE;
-}
-
 PUBLIC PRBool
 Wallet_SetKey(PRBool isNewkey) {
   nsresult res;
@@ -2429,7 +2431,7 @@ wallet_Initialize(PRBool fetchTables) {
    * fetchTables parameter was added and it is set to PR_FALSE in the case of the
    * wallet editor and PR_TRUE in all other cases
    */
-  if (!wallet_tablesInitialized & fetchTables) {
+  if (!wallet_tablesInitialized && fetchTables) {
 #ifdef DEBUG
 //wallet_ClearStopwatch();
 //wallet_ResumeStopwatch();
@@ -2504,9 +2506,10 @@ void WLLT_ChangePassword() {
     return;
   }
 
-  /* read in user data using old key */
+  /* force the user to supply old database key, for security */
+  wallet_KeyTimeoutImmediately();
 
-  wallet_UnsetKey(); /* force user to reenter old key again, for security */
+  /* read in user data using old key */
   wallet_Initialize(PR_TRUE);
 #ifdef SingleSignon
   SI_LoadSignonData(PR_TRUE);