Blob Blame History Raw
diff -rupN jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c
--- jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c	2004-04-25 08:02:18.000000000 -0700
+++ jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c	2011-09-17 18:37:39.875900000 -0700
@@ -275,9 +275,11 @@ diagnosePath(const char * path)
 	    rv = readlink(myPath, buf, sizeof buf);
 	    if (rv < 0) {
 	    	perror("readlink");
-		buf[0] = 0;
-	    } else {
+	    	buf[0] = 0;
+	    } else if ( rv < BUFSIZ ) {
 	    	buf[rv] = 0;
+	    } else {
+	    	buf[BUFSIZ-1] = 0;
 	    }
 	    fprintf(stderr, "%s is a link to %s\n", myPath, buf);
 	} else if (S_ISDIR(sb.st_mode)) {
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c	2011-09-17 17:33:08.823975000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c	2011-09-17 20:09:35.446977000 -0700
@@ -728,14 +728,14 @@ getPWFromCallback(PK11SlotInfo *slot, PR
     }
 
 finish:
-    if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
 #ifdef DEBUG
+    if( (exception=(*env)->ExceptionOccurred(env)) != NULL) {
         jclass giveupClass;
         jmethodID printStackTrace;
         jclass excepClass;
-#endif
+
         (*env)->ExceptionClear(env);
-#ifdef DEBUG
+
         giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION);
         PR_ASSERT(giveupClass != NULL);
         if( ! (*env)->IsInstanceOf(env, exception, giveupClass) ) {
@@ -746,8 +746,12 @@ finish:
             PR_ASSERT( PR_FALSE );
         }
         PR_ASSERT(returnchars==NULL);
-#endif
     }
+#else
+    if( ((*env)->ExceptionOccurred(env)) != NULL) {
+        (*env)->ExceptionClear(env);
+    }
+#endif
     return returnchars;
 }
 
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c	2011-09-17 17:33:08.834976000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c	2011-09-19 16:51:46.438021000 -0700
@@ -768,6 +768,10 @@ static int find_leaf_cert(
     int *linked = NULL;
 
     linked = PR_Malloc( sizeof(int) * numCerts );
+    if (linked == NULL) {
+        status = 0;
+        goto finish;
+    }
 
     /* initialize the bitmap */
     for (i = 0; i < numCerts; i++) {
@@ -1735,7 +1739,7 @@ Java_org_mozilla_jss_CryptoManager_verif
 {
     SECStatus         rv    = SECFailure;
     SECCertUsage      certUsage;
-    SECItem *derCerts[2];
+    SECItem *derCerts[2] = { NULL, NULL };
     CERTCertificate **certArray = NULL;
     CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
 
@@ -1749,7 +1753,6 @@ Java_org_mozilla_jss_CryptoManager_verif
     }
     PR_ASSERT(certdb != NULL);
 
-    derCerts[0] = NULL;
     derCerts[0] = JSS_ByteArrayToSECItem(env, packageArray);
     derCerts[1] = NULL;
 
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c	2011-09-17 17:33:08.708976000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c	2011-09-17 19:37:52.834292000 -0700
@@ -235,7 +235,7 @@ static PRStatus
 getAlgInfo(JNIEnv *env, jobject alg, JSS_AlgInfo *info)
 {
     jint index;
-    PRStatus status;
+    PRStatus status = PR_FAILURE;
 
     PR_ASSERT(env!=NULL && alg!=NULL && info!=NULL);
 
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c	2011-09-17 17:33:08.970975000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c	2011-09-17 19:47:21.850722000 -0700
@@ -181,7 +181,7 @@ Java_org_mozilla_jss_pkcs11_PK11MessageD
     PK11Context *context=NULL;
     jbyte *bytes=NULL;
     SECStatus status;
-    unsigned int outLen;
+    unsigned int outLen = 0;
 
     if( JSS_PK11_getCipherContext(env, proxyObj, &context) != PR_SUCCESS) {
         /* exception was thrown */
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c	2011-09-17 17:33:09.013977000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c	2011-09-17 18:16:40.231161000 -0700
@@ -273,6 +273,7 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_g
         break;
     case keaKey:
         keyTypeFieldName = KEA_KEYTYPE_FIELD;
+        break;
     default:
         PR_ASSERT(PR_FALSE);
         keyTypeFieldName = NULL_KEYTYPE_FIELD;
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c	2011-09-17 17:33:09.032977000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c	2011-09-17 19:48:57.776628000 -0700
@@ -390,12 +390,6 @@ importPrivateKey
     SECStatus status;
     SECItem nickname;
 
-    keyType = JSS_PK11_getKeyType(env, keyTypeObj);
-    if( keyType == nullKey ) {
-        /* exception was thrown */
-        goto finish;
-    }
-
     /*
      * initialize so we can goto finish
      */
@@ -403,6 +397,12 @@ importPrivateKey
     derPK.len = 0;
 
 
+    keyType = JSS_PK11_getKeyType(env, keyTypeObj);
+    if( keyType == nullKey ) {
+        /* exception was thrown */
+        goto finish;
+    }
+
     PR_ASSERT(env!=NULL && this!=NULL);
 
     if(keyArray == NULL) {
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c	2011-09-17 17:33:09.050976000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c	2011-09-17 19:53:46.184339000 -0700
@@ -962,12 +962,12 @@ JNIEXPORT jstring JNICALL Java_org_mozil
 {
     PK11SlotInfo *slot;
     const char* c_subject=NULL;
-    jboolean isCopy;
+    jboolean isCopy = JNI_FALSE;
     unsigned char *b64request=NULL;
     SECItem p, q, g;
     PQGParams *dsaParams=NULL;
     const char* c_keyType;
-    jboolean k_isCopy;
+    jboolean k_isCopy = JNI_FALSE;
     SECOidTag signType = SEC_OID_UNKNOWN;
     PK11RSAGenParams rsaParams;
     void *params = NULL;
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2011-09-17 17:33:09.073977000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c	2011-09-17 19:56:20.428184000 -0700
@@ -516,11 +516,6 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke
         goto finish;
     }
 
-    if( addrBAelems == NULL ) {
-        ASSERT_OUTOFMEM(env);
-        goto finish;
-    }
-
     if(addrBALen != 4 && addrBALen != 16) {
         JSSL_throwSSLSocketException(env, "Invalid address in connect!");
         goto finish;
@@ -720,7 +715,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_getCi
 {
     JSSL_SocketData *sock=NULL;
     SECStatus status;
-    PRBool enabled;
+    PRBool enabled = PR_FAILURE;
 
     /* get the fd */
     if( JSSL_getSockData(env, sockObj, &sock) != PR_SUCCESS) {
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c	2004-09-03 11:32:03.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c	2011-09-17 18:15:07.825252000 -0700
@@ -684,17 +684,13 @@ JSSL_ConfirmExpiredPeerCert(void *arg, P
         * Now check the name field in the cert against the desired hostname.
         * NB: This is our only defense against Man-In-The-Middle (MITM) attacks!
         */
-        if( peerCert == NULL ) {
-            rv = SECFailure;
+        char* hostname = NULL;
+        hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */
+        if (hostname && hostname[0]) {
+            rv = CERT_VerifyCertName(peerCert, hostname);
+            PORT_Free(hostname);
         } else {
-            char* hostname = NULL;
-            hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */
-            if (hostname && hostname[0]) {
-                rv = CERT_VerifyCertName(peerCert, hostname);
-                PORT_Free(hostname);
-            } else {
-                rv = SECFailure;
-            }
+            rv = SECFailure;
         }
     }
 
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2011-09-17 17:33:09.094977000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c	2011-09-17 19:16:38.546566000 -0700
@@ -95,6 +95,10 @@ writebuf(JNIEnv *env, PRFileDesc *fd, jo
     jint arrayLen=-1;
     PRInt32 retval;
 
+    if( env == NULL ) {
+        goto finish;
+    }
+
     /*
      * get the OutputStream
      */
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c	2002-07-03 17:25:46.000000000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c	2011-09-18 23:02:28.130883000 -0700
@@ -427,6 +427,7 @@ JSS_ConvertNativeErrcodeToJava(PRErrorCo
 #endif
 
     key.native = nativeErrcode;
+    key.java = -1;
     target = bsearch( &key, errcodeTable, numErrcodes, sizeof(Errcode),
         errcodeCompare );
 
diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c
--- jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c	2011-09-17 17:33:09.103977000 -0700
+++ jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c	2011-09-19 16:38:19.428634000 -0700
@@ -529,7 +529,7 @@ JSS_wipeCharArray(char* array)
  */
 static char* getPWFromConsole()
 {
-    char c;
+    int c;
     char *ret;
     int i;
     char buf[200];  /* no buffer overflow: we bail after 200 chars */