[NSS] Update NSS to 3.52.4

5 files changed, 18 insertions, 11 deletions

diff --git a/security/nss/lib/nss/nss.h b/security/nss/lib/nss/nss.h
index 58ce4a3891..1dc2f6b56a 100644
--- a/security/nss/lib/nss/nss.h
+++ b/security/nss/lib/nss/nss.h
@@ -22,10 +22,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define NSS_VERSION "3.52.3" _NSS_CUSTOMIZED
+#define NSS_VERSION "3.52.4" _NSS_CUSTOMIZED
 #define NSS_VMAJOR 3
 #define NSS_VMINOR 52
-#define NSS_VPATCH 3
+#define NSS_VPATCH 4
 #define NSS_VBUILD 0
 #define NSS_BETA PR_FALSE
 
diff --git a/security/nss/lib/pk11wrap/pk11auth.c b/security/nss/lib/pk11wrap/pk11auth.c
index c633e53f7b..ad8fbad24a 100644
--- a/security/nss/lib/pk11wrap/pk11auth.c
+++ b/security/nss/lib/pk11wrap/pk11auth.c
@@ -4,6 +4,7 @@
 /*
  * This file deals with PKCS #11 passwords and authentication.
  */
+#include "dev.h"
 #include "seccomon.h"
 #include "secmod.h"
 #include "secmodi.h"
@@ -636,9 +637,11 @@ PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
             break;
     }
     if (rv == SECSuccess) {
-        if (!contextSpecific && !PK11_IsFriendly(slot)) {
-            nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
-                                                  slot->nssToken);
+        if (!contextSpecific && !PK11_IsFriendly(slot) && slot->nssToken) {
+            NSSToken *token = nssToken_AddRef(slot->nssToken);
+            nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain,
+                                                  token);
+            nssToken_Destroy(token);
         }
     } else if (!attempt)
         PORT_SetError(SEC_ERROR_BAD_PASSWORD);
diff --git a/security/nss/lib/pk11wrap/pk11slot.c b/security/nss/lib/pk11wrap/pk11slot.c
index 9e641998da..3ac931f6ba 100644
--- a/security/nss/lib/pk11wrap/pk11slot.c
+++ b/security/nss/lib/pk11wrap/pk11slot.c
@@ -2647,8 +2647,12 @@ PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd)
         PORT_SetError(PK11_MapError(crv));
         return SECFailure;
     }
-    nssTrustDomain_UpdateCachedTokenCerts(slot->nssToken->trustDomain,
-                                          slot->nssToken);
+    if (slot->nssToken) {
+        NSSToken *token = nssToken_AddRef(slot->nssToken);
+        nssTrustDomain_UpdateCachedTokenCerts(token->trustDomain,
+                                              token);
+        nssToken_Destroy(token);
+    }
     return SECSuccess;
 }
 void
diff --git a/security/nss/lib/softoken/softkver.h b/security/nss/lib/softoken/softkver.h
index 9c1a6bdb06..b337cc3235 100644
--- a/security/nss/lib/softoken/softkver.h
+++ b/security/nss/lib/softoken/softkver.h
@@ -17,10 +17,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
  */
-#define SOFTOKEN_VERSION "3.52.3" SOFTOKEN_ECC_STRING
+#define SOFTOKEN_VERSION "3.52.4" SOFTOKEN_ECC_STRING
 #define SOFTOKEN_VMAJOR 3
 #define SOFTOKEN_VMINOR 52
-#define SOFTOKEN_VPATCH 3
+#define SOFTOKEN_VPATCH 4
 #define SOFTOKEN_VBUILD 0
 #define SOFTOKEN_BETA PR_FALSE
 
diff --git a/security/nss/lib/util/nssutil.h b/security/nss/lib/util/nssutil.h
index 968c99f281..dfbc0b17de 100644
--- a/security/nss/lib/util/nssutil.h
+++ b/security/nss/lib/util/nssutil.h
@@ -19,10 +19,10 @@
  * The format of the version string should be
  *     "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
  */
-#define NSSUTIL_VERSION "3.52.3"
+#define NSSUTIL_VERSION "3.52.4"
 #define NSSUTIL_VMAJOR 3
 #define NSSUTIL_VMINOR 52
-#define NSSUTIL_VPATCH 3
+#define NSSUTIL_VPATCH 4
 #define NSSUTIL_VBUILD 0
 #define NSSUTIL_BETA PR_FALSE