diff options
| author | Moonchild <moonchild@palemoon.org> | 2022-07-27 06:07:45 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2022-07-27 06:07:45 +0000 |
| commit | b110549cbd2a6f9efd11b33180b4a410f271923a (patch) | |
| tree | c9b4f9d1106ce31ba75e0c51810db0d6da61345e | |
| parent | 971047835a5ba34252a0adfbbdc7ed63252bb1d3 (diff) | |
| parent | cfe63a24341e345f67e3f02a4dc5ecaa8c53f1d5 (diff) | |
| download | uxp-RB_20220802.tar.gz | |
Merge branch 'master' into releaseRC_20220728RB_20220802
| -rw-r--r-- | dom/performance/PerformanceResourceTiming.h | 4 | ||||
| -rw-r--r-- | security/nss/coreconf/coreconf.dep | 1 | ||||
| -rw-r--r-- | security/nss/lib/certdb/certdb.c | 6 | ||||
| -rw-r--r-- | security/nss/lib/certdb/certv3.c | 2 | ||||
| -rw-r--r-- | security/nss/lib/certdb/certxutl.c | 6 | ||||
| -rw-r--r-- | security/nss/lib/nss/nss.h | 4 | ||||
| -rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 67 | ||||
| -rw-r--r-- | security/nss/lib/softoken/pkcs11i.h | 2 | ||||
| -rw-r--r-- | security/nss/lib/softoken/sftkdb.c | 14 | ||||
| -rw-r--r-- | security/nss/lib/softoken/sftkpwd.c | 6 | ||||
| -rw-r--r-- | security/nss/lib/softoken/softkver.h | 4 | ||||
| -rw-r--r-- | security/nss/lib/util/nssutil.h | 4 |
12 files changed, 88 insertions, 32 deletions
diff --git a/dom/performance/PerformanceResourceTiming.h b/dom/performance/PerformanceResourceTiming.h index b4775d4322..63a8c24149 100644 --- a/dom/performance/PerformanceResourceTiming.h +++ b/dom/performance/PerformanceResourceTiming.h @@ -54,7 +54,9 @@ public: void GetNextHopProtocol(nsAString& aNextHopProtocol) const { - aNextHopProtocol = mNextHopProtocol; + if (mTiming && mTiming->TimingAllowed()) { + aNextHopProtocol = mNextHopProtocol; + } } void SetNextHopProtocol(const nsAString& aNextHopProtocol) diff --git a/security/nss/coreconf/coreconf.dep b/security/nss/coreconf/coreconf.dep index 5182f75552..590d1bfaee 100644 --- a/security/nss/coreconf/coreconf.dep +++ b/security/nss/coreconf/coreconf.dep @@ -10,3 +10,4 @@ */ #error "Do not include this header file." + diff --git a/security/nss/lib/certdb/certdb.c b/security/nss/lib/certdb/certdb.c index 0796fe5d75..80dccee125 100644 --- a/security/nss/lib/certdb/certdb.c +++ b/security/nss/lib/certdb/certdb.c @@ -384,9 +384,9 @@ GetKeyUsage(CERTCertificate *cert) rv = CERT_FindKeyUsageExtension(cert, &tmpitem); if (rv == SECSuccess) { /* remember the actual value of the extension */ - cert->rawKeyUsage = tmpitem.data[0]; + cert->rawKeyUsage = tmpitem.len ? tmpitem.data[0] : 0; cert->keyUsagePresent = PR_TRUE; - cert->keyUsage = tmpitem.data[0]; + cert->keyUsage = cert->rawKeyUsage; PORT_Free(tmpitem.data); tmpitem.data = NULL; @@ -506,7 +506,7 @@ cert_ComputeCertType(CERTCertificate *cert) isCA = basicConstraint.isCA; } if (tmpitem.data != NULL || extKeyUsage != NULL) { - if (tmpitem.data == NULL) { + if (tmpitem.data == NULL || tmpitem.len == 0) { nsCertType = 0; } else { nsCertType = tmpitem.data[0]; diff --git a/security/nss/lib/certdb/certv3.c b/security/nss/lib/certdb/certv3.c index d27fc1ba0d..f00b88f1d7 100644 --- a/security/nss/lib/certdb/certv3.c +++ b/security/nss/lib/certdb/certv3.c @@ -213,7 +213,7 @@ CERT_CheckCertUsage(CERTCertificate *cert, unsigned char usage) if (rv == SECFailure) { rv = (PORT_GetError() == SEC_ERROR_EXTENSION_NOT_FOUND) ? SECSuccess : SECFailure; - } else if (!keyUsage.data || !(keyUsage.data[0] & usage)) { + } else if (!keyUsage.data || !keyUsage.len || !(keyUsage.data[0] & usage)) { PORT_SetError(SEC_ERROR_CERT_USAGES_INVALID); rv = SECFailure; } diff --git a/security/nss/lib/certdb/certxutl.c b/security/nss/lib/certdb/certxutl.c index c53f15cdff..eb1cb1485f 100644 --- a/security/nss/lib/certdb/certxutl.c +++ b/security/nss/lib/certdb/certxutl.c @@ -417,12 +417,14 @@ CERT_FindBitStringExtension(CERTCertExtension **extensions, int tag, goto loser; } - retItem->data = (unsigned char *)PORT_Alloc((tmpItem.len + 7) >> 3); + retItem->data = (unsigned char *)PORT_ZAlloc((tmpItem.len + 7) >> 3); if (retItem->data == NULL) { goto loser; } - PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3); + if (tmpItem.len > 0) { + PORT_Memcpy(retItem->data, tmpItem.data, (tmpItem.len + 7) >> 3); + } retItem->len = tmpItem.len; rv = SECSuccess; diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h index 47e8ddafd8..cd4c48593a 100644 --- a/security/nss/lib/nss/nss.h +++ b/security/nss/lib/nss/nss.h @@ -22,10 +22,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define NSS_VERSION "3.52.7" _NSS_CUSTOMIZED +#define NSS_VERSION "3.52.8" _NSS_CUSTOMIZED #define NSS_VMAJOR 3 #define NSS_VMINOR 52 -#define NSS_VPATCH 7 +#define NSS_VPATCH 8 #define NSS_VBUILD 0 #define NSS_BETA PR_FALSE diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index 93150cd789..ed723985a6 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -1652,6 +1652,7 @@ sftk_handleObject(SFTKObject *object, SFTKSession *session) CK_OBJECT_HANDLE handle; CK_BBOOL ckfalse = CK_FALSE; CK_BBOOL cktrue = CK_TRUE; + PRBool isLoggedIn, needLogin; CK_RV crv; /* make sure all the base object types are defined. If not set the @@ -1669,9 +1670,13 @@ sftk_handleObject(SFTKObject *object, SFTKSession *session) if (crv != CKR_OK) return crv; + PZ_Lock(slot->slotLock); + isLoggedIn = slot->isLoggedIn; + needLogin = slot->needLogin; + PZ_Unlock(slot->slotLock); + /* don't create a private object if we aren't logged in */ - if ((!slot->isLoggedIn) && (slot->needLogin) && - (sftk_isTrue(object, CKA_PRIVATE))) { + if (!isLoggedIn && needLogin && (sftk_isTrue(object, CKA_PRIVATE))) { return CKR_USER_NOT_LOGGED_IN; } @@ -3617,11 +3622,18 @@ NSC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) static PRBool sftk_checkNeedLogin(SFTKSlot *slot, SFTKDBHandle *keyHandle) { + PRBool needLogin; if (sftkdb_PWCached(keyHandle) == SECSuccess) { - return slot->needLogin; + PZ_Lock(slot->slotLock); + needLogin = slot->needLogin; + PZ_Unlock(slot->slotLock); + } else { + needLogin = (PRBool)!sftk_hasNullPassword(slot, keyHandle); + PZ_Lock(slot->slotLock); + slot->needLogin = needLogin; + PZ_Unlock(slot->slotLock); } - slot->needLogin = (PRBool)!sftk_hasNullPassword(slot, keyHandle); - return (slot->needLogin); + return needLogin; } static PRBool @@ -4021,8 +4033,11 @@ NSC_InitPIN(CK_SESSION_HANDLE hSession, /* Now update our local copy of the pin */ if (rv == SECSuccess) { - if (ulPinLen == 0) + if (ulPinLen == 0) { + PZ_Lock(slot->slotLock); slot->needLogin = PR_FALSE; + PZ_Unlock(slot->slotLock); + } /* database has been initialized, now force min password in FIPS * mode. NOTE: if we are in level1, we may not have a password, but * forcing it now will prevent an insufficient password from being set. @@ -4057,6 +4072,7 @@ NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, char newPinStr[SFTK_MAX_PIN + 1], oldPinStr[SFTK_MAX_PIN + 1]; SECStatus rv; CK_RV crv = CKR_SESSION_HANDLE_INVALID; + PRBool needLogin; PRBool tokenRemoved = PR_FALSE; CHECK_FORK(); @@ -4077,7 +4093,10 @@ NSC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin, return CKR_PIN_LEN_RANGE; /* XXX FIXME wrong return value */ } - if (slot->needLogin && sp->info.state != CKS_RW_USER_FUNCTIONS) { + PZ_Lock(slot->slotLock); + needLogin = slot->needLogin; + PZ_Unlock(slot->slotLock); + if (needLogin && sp->info.state != CKS_RW_USER_FUNCTIONS) { crv = CKR_USER_NOT_LOGGED_IN; goto loser; } @@ -4305,6 +4324,8 @@ NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_RV crv; char pinStr[SFTK_MAX_PIN + 1]; PRBool tokenRemoved = PR_FALSE; + PRBool isLoggedIn; + PRBool needLogin; CHECK_FORK(); @@ -4328,9 +4349,14 @@ NSC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, return CKR_USER_TYPE_INVALID; } - if (slot->isLoggedIn) + PZ_Lock(slot->slotLock); + isLoggedIn = slot->isLoggedIn; + needLogin = slot->needLogin; + PZ_Unlock(slot->slotLock); + + if (isLoggedIn) return CKR_USER_ALREADY_LOGGED_IN; - if (!slot->needLogin) { + if (!needLogin) { return ulPinLen ? CKR_PIN_INCORRECT : CKR_OK; } slot->ssoLoggedIn = PR_FALSE; @@ -4793,7 +4819,7 @@ NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, SFTKSession *session; SFTKObject *object; SFTKAttribute *attribute; - PRBool sensitive; + PRBool sensitive, isLoggedIn, needLogin; CK_RV crv; int i; @@ -4824,9 +4850,13 @@ NSC_GetAttributeValue(CK_SESSION_HANDLE hSession, return CKR_OBJECT_HANDLE_INVALID; } + PZ_Lock(slot->slotLock); + isLoggedIn = slot->isLoggedIn; + needLogin = slot->needLogin; + PZ_Unlock(slot->slotLock); + /* don't read a private object if we aren't logged in */ - if ((!slot->isLoggedIn) && (slot->needLogin) && - (sftk_isTrue(object, CKA_PRIVATE))) { + if (!isLoggedIn && needLogin && (sftk_isTrue(object, CKA_PRIVATE))) { sftk_FreeObject(object); return CKR_USER_NOT_LOGGED_IN; } @@ -4867,7 +4897,7 @@ NSC_SetAttributeValue(CK_SESSION_HANDLE hSession, SFTKSession *session; SFTKAttribute *attribute; SFTKObject *object; - PRBool isToken; + PRBool isToken, isLoggedIn, needLogin; CK_RV crv = CKR_OK; CK_BBOOL legal; int i; @@ -4891,9 +4921,13 @@ NSC_SetAttributeValue(CK_SESSION_HANDLE hSession, return CKR_OBJECT_HANDLE_INVALID; } + PZ_Lock(slot->slotLock); + isLoggedIn = slot->isLoggedIn; + needLogin = slot->needLogin; + PZ_Unlock(slot->slotLock); + /* don't modify a private object if we aren't logged in */ - if ((!slot->isLoggedIn) && (slot->needLogin) && - (sftk_isTrue(object, CKA_PRIVATE))) { + if (!isLoggedIn && needLogin && (sftk_isTrue(object, CKA_PRIVATE))) { sftk_FreeSession(session); sftk_FreeObject(object); return CKR_USER_NOT_LOGGED_IN; @@ -5171,7 +5205,10 @@ NSC_FindObjectsInit(CK_SESSION_HANDLE hSession, search->index = 0; search->size = 0; search->array_size = NSC_SEARCH_BLOCK_SIZE; + + PZ_Lock(slot->slotLock); isLoggedIn = (PRBool)((!slot->needLogin) || slot->isLoggedIn); + PZ_Unlock(slot->slotLock); crv = sftk_searchTokenList(slot, search, pTemplate, ulCount, isLoggedIn); if (crv != CKR_OK) { diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h index 1630442c9f..0e5153b7b0 100644 --- a/security/nss/lib/softoken/pkcs11i.h +++ b/security/nss/lib/softoken/pkcs11i.h @@ -318,7 +318,7 @@ struct SFTKSessionStr { * object hash tables (sessObjHashTable[] and tokObjHashTable), and * sessionObjectHandleCount. * slotLock protects the remaining protected elements: - * password, isLoggedIn, ssoLoggedIn, and sessionCount, + * password, needLogin, isLoggedIn, ssoLoggedIn, and sessionCount, * and pwCheckLock serializes the key database password checks in * NSC_SetPIN and NSC_Login. * diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index a1a723fe87..60e9621759 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -337,7 +337,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if ((keyHandle == NULL) || ((SFTK_GET_SDB(keyHandle)->sdb_flags & SDB_HAS_META) == 0) || - (keyHandle->passwordKey.data == NULL)) { + (sftkdb_PWCached(keyHandle) != SECSuccess)) { checkSig = PR_FALSE; } @@ -1601,10 +1601,14 @@ sftkdb_CloseDB(SFTKDBHandle *handle) } (*handle->db->sdb_Close)(handle->db); } + if (handle->passwordLock) { + PZ_Lock(handle->passwordLock); + } if (handle->passwordKey.data) { PORT_ZFree(handle->passwordKey.data, handle->passwordKey.len); } if (handle->passwordLock) { + PZ_Unlock(handle->passwordLock); SKIP_AFTER_FORK(PZ_DestroyLock(handle->passwordLock)); } if (handle->updatePasswordKey) { @@ -2681,7 +2685,7 @@ sftkdb_ResetKeyDB(SFTKDBHandle *handle) { CK_RV crv; - /* only rest the key db */ + /* only reset the key db */ if (handle->type != SFTK_KEYDB_TYPE) { return SECFailure; } @@ -2690,6 +2694,12 @@ sftkdb_ResetKeyDB(SFTKDBHandle *handle) /* set error */ return SECFailure; } + PZ_Lock(handle->passwordLock); + if (handle->passwordKey.data) { + SECITEM_ZfreeItem(&handle->passwordKey, PR_FALSE); + handle->passwordKey.data = NULL; + } + PZ_Unlock(handle->passwordLock); return SECSuccess; } diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c index 83e881f1d9..73294d4631 100644 --- a/security/nss/lib/softoken/sftkpwd.c +++ b/security/nss/lib/softoken/sftkpwd.c @@ -1085,7 +1085,11 @@ done: SECStatus sftkdb_PWCached(SFTKDBHandle *keydb) { - return keydb->passwordKey.data ? SECSuccess : SECFailure; + SECStatus rv; + PZ_Lock(keydb->passwordLock); + rv = keydb->passwordKey.data ? SECSuccess : SECFailure; + PZ_Unlock(keydb->passwordLock); + return rv; } static CK_RV diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h index 06d4e82bfd..cb1a3f1fe9 100644 --- a/security/nss/lib/softoken/softkver.h +++ b/security/nss/lib/softoken/softkver.h @@ -17,10 +17,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]" */ -#define SOFTOKEN_VERSION "3.52.7" SOFTOKEN_ECC_STRING +#define SOFTOKEN_VERSION "3.52.8" SOFTOKEN_ECC_STRING #define SOFTOKEN_VMAJOR 3 #define SOFTOKEN_VMINOR 52 -#define SOFTOKEN_VPATCH 7 +#define SOFTOKEN_VPATCH 8 #define SOFTOKEN_VBUILD 0 #define SOFTOKEN_BETA PR_FALSE diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h index 6267f4234a..a7cbf184c8 100644 --- a/security/nss/lib/util/nssutil.h +++ b/security/nss/lib/util/nssutil.h @@ -19,10 +19,10 @@ * The format of the version string should be * "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]" */ -#define NSSUTIL_VERSION "3.52.7" +#define NSSUTIL_VERSION "3.52.8" #define NSSUTIL_VMAJOR 3 #define NSSUTIL_VMINOR 52 -#define NSSUTIL_VPATCH 7 +#define NSSUTIL_VPATCH 8 #define NSSUTIL_VBUILD 0 #define NSSUTIL_BETA PR_FALSE |