mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

AddRef() the out parameter, and check for OOM. 

Fixes bug 231709, iframes pointing to signed XUL crashes browser
r+sr=jst
This commit is contained in:
caillon%returnzero.com 2004-01-27 05:01:48 +00:00
Родитель 9d284ef74e
Коммит 1ed44eba40
1 изменённых файлов: 18 добавлений и 12 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

30
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -1383,17 +1383,19 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
PRInt32* aErrorCode, PRInt32* aErrorCode,
nsIPrincipal** aPrincipal) nsIPrincipal** aPrincipal)
{ {
if (!aPrincipal || !aErrorCode) {
return NS_ERROR_NULL_POINTER;
}
*aErrorCode = 0;
*aPrincipal = nsnull;
nsNSSShutDownPreventionLock locker; nsNSSShutDownPreventionLock locker;
SEC_PKCS7DecoderContext * p7_ctxt = nsnull; SEC_PKCS7DecoderContext * p7_ctxt = nsnull;
SEC_PKCS7ContentInfo * p7_info = nsnull; SEC_PKCS7ContentInfo * p7_info = nsnull;
unsigned char hash[SHA1_LENGTH]; unsigned char hash[SHA1_LENGTH];
PRBool rv; PRBool rv;
if (!aPrincipal || !aErrorCode)
return NS_ERROR_NULL_POINTER;
*aErrorCode = 0;
*aPrincipal = nsnull;
p7_ctxt = SEC_PKCS7DecoderStart(ContentCallback, p7_ctxt = SEC_PKCS7DecoderStart(ContentCallback,
nsnull, nsnull,
GetPasswordKeyCallback, GetPasswordKeyCallback,
@ -1442,8 +1444,12 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
// Get the signing cert // // Get the signing cert //
CERTCertificate *cert = p7_info->content.signedData->signerInfos[0]->cert; CERTCertificate *cert = p7_info->content.signedData->signerInfos[0]->cert;
if (cert) { if (cert) {
nsresult rv2;
nsCOMPtr<nsIX509Cert> pCert = new nsNSSCertificate(cert); nsCOMPtr<nsIX509Cert> pCert = new nsNSSCertificate(cert);
if (!pCert) {
return NS_ERROR_OUT_OF_MEMORY;
}
nsresult rv2;
if (!mScriptSecurityManager) { if (!mScriptSecurityManager) {
nsAutoLock lock(mutex); nsAutoLock lock(mutex);
// re-test the condition to prevent double initialization // re-test the condition to prevent double initialization
@ -1453,24 +1459,24 @@ nsNSSComponent::VerifySignature(const char* aRSABuf, PRUint32 aRSABufLen,
if (NS_FAILED(rv2)) return rv2; if (NS_FAILED(rv2)) return rv2;
} }
} }
//-- Create a certificate principal with id and organization data //-- Create a certificate principal with id and organization data
nsAutoString fingerprint; nsAutoString fingerprint;
rv2 = pCert->GetSha1Fingerprint(fingerprint); rv2 = pCert->GetSha1Fingerprint(fingerprint);
NS_LossyConvertUCS2toASCII fingerprintStr(fingerprint);
if (NS_FAILED(rv2)) return rv2; if (NS_FAILED(rv2)) return rv2;
nsCOMPtr<nsIPrincipal> certPrincipal; nsCOMPtr<nsIPrincipal> certPrincipal;
rv2 = mScriptSecurityManager->GetCertificatePrincipal(fingerprintStr.get(), nsnull, rv2 = mScriptSecurityManager->
getter_AddRefs(certPrincipal)); GetCertificatePrincipal(NS_LossyConvertUTF16toASCII(fingerprint).get(),
nsnull, getter_AddRefs(certPrincipal));
if (NS_FAILED(rv2) || !certPrincipal) return rv2; if (NS_FAILED(rv2) || !certPrincipal) return rv2;
nsAutoString orgName; nsAutoString orgName;
rv2 = pCert->GetOrganization(orgName); rv2 = pCert->GetOrganization(orgName);
if (NS_FAILED(rv2)) return rv2; if (NS_FAILED(rv2)) return rv2;
NS_LossyConvertUCS2toASCII orgNameStr(orgName); rv2 = certPrincipal->SetCommonName(NS_LossyConvertUTF16toASCII(orgName).get());
rv2 = certPrincipal->SetCommonName(orgNameStr.get());
if (NS_FAILED(rv2)) return rv2; if (NS_FAILED(rv2)) return rv2;
*aPrincipal = certPrincipal; NS_ADDREF(*aPrincipal = certPrincipal);
} }
if (p7_info) { if (p7_info) {