Bug 738458, Upgrade Mozilla to NSS 3.13.5, landing beta2, r=bsmith/wtc

joneschrisg · May 18, 2012 · 67523f0 · 67523f0
1 parent fde16d4
commit 67523f0
Show file tree

Hide file tree

Showing 11 changed files with 30 additions and 14 deletions.
diff --git a/security/coreconf/coreconf.dep b/security/coreconf/coreconf.dep
@@ -43,4 +43,3 @@
 
 #error "Do not include this header file."
 
-
diff --git a/security/nss/TAG-INFO b/security/nss/TAG-INFO
@@ -1 +1 @@
-NSS_3_13_5_BETA1
+NSS_3_13_5_BETA2
diff --git a/security/nss/TAG-INFO-CKBI b/security/nss/TAG-INFO-CKBI
@@ -1 +1 @@
-NSS_3_13_5_BETA1
+NSS_3_13_5_BETA2
diff --git a/security/nss/lib/certdb/stanpcertdb.c b/security/nss/lib/certdb/stanpcertdb.c
@@ -311,13 +311,15 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
     }
     stanNick = nssCertificate_GetNickname(c, NULL);
     if (stanNick && nickname && strcmp(nickname, stanNick) != 0) {
-	/* take the new nickname */
+	/* different: take the new nickname */
 	cert->nickname = NULL;
+        nss_ZFreeIf(stanNick);
 	stanNick = NULL;
     }
     if (!stanNick && nickname) {
-	stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, c->object.arena);
-    }
+        /* Either there was no nickname yet, or we have a new nickname */
+	stanNick = nssUTF8_Duplicate((NSSUTF8 *)nickname, NULL);
+    } /* else: old stanNick is identical to new nickname */
     /* Delete the temp instance */
     nssCertificateStore_Lock(context->certStore, &lockTrace);
     nssCertificateStore_RemoveCertLOCKED(context->certStore, c);
@@ -336,6 +338,8 @@ __CERT_AddTempCertToPerm(CERTCertificate *cert, char *nickname,
                                               &c->serial,
 					      cert->emailAddr,
                                               PR_TRUE);
+    nss_ZFreeIf(stanNick);
+    stanNick = NULL;
     PK11_FreeSlot(slot);
     if (!permInstance) {
 	if (NSS_GetError() == NSS_ERROR_INVALID_CERTIFICATE) {

diff --git a/security/nss/lib/certhigh/certhigh.c b/security/nss/lib/certhigh/certhigh.c
@@ -394,6 +394,8 @@ CollectNicknames( NSSCertificate *c, void *data)
     stanNickname = nssCertificate_GetNickname(c,NULL);
 
     if ( stanNickname ) {
+        nss_ZFreeIf(stanNickname);
+        stanNickname = NULL;
 	if (names->what == SEC_CERT_NICKNAMES_USER) {
 	    saveit = NSSCertificate_IsPrivateKeyAvailable(c, NULL, NULL);
 	}

diff --git a/security/nss/lib/pki/certificate.c b/security/nss/lib/pki/certificate.c
@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.68 $ $Date: 2011/07/12 21:29:17 $";
+static const char CVS_ID[] = "@(#) $RCSfile: certificate.c,v $ $Revision: 1.68.2.1 $ $Date: 2012/05/17 21:40:54 $";
 #endif /* DEBUG */
 
 #ifndef NSSPKI_H
@@ -230,6 +230,7 @@ nssCertificate_GetSubject (
     }
 }
 
+/* Returns a copy, Caller must free using nss_ZFreeIf */
 NSS_IMPLEMENT NSSUTF8 *
 nssCertificate_GetNickname (
   NSSCertificate *c,

diff --git a/security/nss/lib/pki/pki.h b/security/nss/lib/pki/pki.h
@@ -38,7 +38,7 @@
 #define PKI_H
 
 #ifdef DEBUG
-static const char PKI_CVS_ID[] = "@(#) $RCSfile: pki.h,v $ $Revision: 1.13 $ $Date: 2005/01/20 02:25:49 $";
+static const char PKI_CVS_ID[] = "@(#) $RCSfile: pki.h,v $ $Revision: 1.13.196.1 $ $Date: 2012/05/17 21:40:54 $";
 #endif /* DEBUG */
 
 #ifndef NSSDEVT_H
@@ -115,6 +115,7 @@ nssCertificate_GetSubject
   NSSCertificate *c
 );
 
+/* Returns a copy, Caller must free using nss_ZFreeIf */
 NSS_EXTERN NSSUTF8 *
 nssCertificate_GetNickname
 (

diff --git a/security/nss/lib/pki/pki3hack.c b/security/nss/lib/pki/pki3hack.c
@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.106 $ $Date: 2012/02/17 22:44:56 $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.106.2.1 $ $Date: 2012/05/17 21:40:54 $";
 #endif /* DEBUG */
 
 /*
@@ -1168,6 +1168,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
 	                                             &c->serial,
 						     email,
 	                                             PR_TRUE);
+            nss_ZFreeIf(nickname);
+            nickname = NULL;
 	    if (!newInstance) {
 		nssrv = PR_FAILURE;
 		goto done;
@@ -1200,6 +1202,8 @@ STAN_ChangeCertTrust(CERTCertificate *cc, CERTCertTrust *trust)
 	                                             &c->serial,
 						     email,
 	                                             PR_TRUE);
+            nss_ZFreeIf(nickname);
+            nickname = NULL;
 	    if (!newInstance) {
 		nssrv = PR_FAILURE;
 		goto done;

diff --git a/security/nss/lib/pki/pkibase.c b/security/nss/lib/pki/pkibase.c
@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pkibase.c,v $ $Revision: 1.33 $ $Date: 2010/04/03 18:27:32 $";
+static const char CVS_ID[] = "@(#) $RCSfile: pkibase.c,v $ $Revision: 1.33.6.1 $ $Date: 2012/05/17 21:40:54 $";
 #endif /* DEBUG */
 
 #ifndef DEV_H
@@ -364,8 +364,8 @@ nssPKIObject_GetNicknameForToken (
 	if ((!tokenOpt && object->instances[i]->label) ||
 	    (object->instances[i]->token == tokenOpt)) 
 	{
-            /* XXX should be copy? safe as long as caller has reference */
-	    nickname = object->instances[i]->label; 
+            /* Must copy, see bug 745548 */
+	    nickname = nssUTF8_Duplicate(object->instances[i]->label, NULL);
 	    break;
 	}
     }

diff --git a/security/nss/lib/pki/pkistore.c b/security/nss/lib/pki/pkistore.c
@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.34 $ $Date: 2010/12/17 02:34:07 $";
+static const char CVS_ID[] = "@(#) $RCSfile: pkistore.c,v $ $Revision: 1.34.2.1 $ $Date: 2012/05/17 21:40:54 $";
 #endif /* DEBUG */
 
 #ifndef PKIM_H
@@ -458,6 +458,7 @@ static void match_nickname(const void *k, void *v, void *a)
     {
 	nt->subjectList = subjectList;
     }
+    nss_ZFreeIf(nickname);
 }
 
 /*

diff --git a/security/nss/lib/pki/tdcache.c b/security/nss/lib/pki/tdcache.c
@@ -35,7 +35,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.49 $ $Date: 2010/02/10 02:04:32 $";
+static const char CVS_ID[] = "@(#) $RCSfile: tdcache.c,v $ $Revision: 1.49.6.1 $ $Date: 2012/05/17 21:40:54 $";
 #endif /* DEBUG */
 
 #ifndef PKIM_H
@@ -771,6 +771,7 @@ add_cert_to_cache (
 	log_cert_ref("attempted to add cert already in cache", cert);
 #endif
 	PZ_Unlock(td->cache->lock);
+        nss_ZFreeIf(certNickname);
 	/* collision - somebody else already added the cert
 	 * to the cache before this thread got around to it.
 	 */
@@ -839,8 +840,11 @@ add_cert_to_cache (
     }
     rvCert = cert;
     PZ_Unlock(td->cache->lock);
+    nss_ZFreeIf(certNickname);
     return rvCert;
 loser:
+    nss_ZFreeIf(certNickname);
+    certNickname = NULL;
     /* Remove any handles that have been created */
     subjectList = NULL;
     if (added >= 1) {
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,4 +43,3 @@

		#error "Do not include this header file."