Merge pull request #477 from JustOff/PR_nss-3.36

Update NSS/NSPR to 3.36.4/4.19
author: Moonchild <mcwerewolf@gmail.com> 2018-06-12 00:58:35 +0200
committer: GitHub <noreply@github.com> 2018-06-12 00:58:35 +0200
commit: b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387 (patch)
tree: 40d946c5ff23b3c0c09558f478cc68e87cc71448 /security/nss/cmd/signtool
parent: b1d82a62259c6888ea6f3f71f3e0973ea4b4e85e (diff)
parent: 505a561549b5226fd3c7905eaa61fe787dfad243 (diff)
download: UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar
UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.gz
UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.lz
UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.xz
UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.zip
1 files changed, 48 insertions, 10 deletions
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
index 6e776069a..6f8e43946 100644
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -43,6 +43,7 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
     int status;
     char tempfn[FNSIZE], fullfn[FNSIZE];
     int keyType = rsaKey;
+    int count;
 
     metafile = meta_file;
     optimize = _optimize;
@@ -81,9 +82,18 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
         }
 
         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
-                                                                   : "rsa"));
-        sprintf(fullfn, "%s/%s", tree, tempfn);
+        count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
+        if (count >= sizeof(tempfn)) {
+            PR_fprintf(errorFD, "unable to write key metadata\n");
+            errorCount++;
+            exit(ERRX);
+        }
+        count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
+        if (count >= sizeof(fullfn)) {
+            PR_fprintf(errorFD, "unable to write key metadata\n");
+            errorCount++;
+            exit(ERRX);
+        }
         JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
         /* Loop through all files & subdirectories, add to archive */
@@ -93,20 +103,44 @@ SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
     }
     /* mf to zip */
     strcpy(tempfn, "META-INF/manifest.mf");
-    sprintf(fullfn, "%s/%s", tree, tempfn);
+    count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
+    if (count >= sizeof(fullfn)) {
+        PR_fprintf(errorFD, "unable to write manifest\n");
+        errorCount++;
+        exit(ERRX);
+    }
     JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
     /* sf to zip */
-    sprintf(tempfn, "META-INF/%s.sf", base);
-    sprintf(fullfn, "%s/%s", tree, tempfn);
+    count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.sf", base);
+    if (count >= sizeof(tempfn)) {
+        PR_fprintf(errorFD, "unable to write sf metadata\n");
+        errorCount++;
+        exit(ERRX);
+    }
+    count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
+    if (count >= sizeof(fullfn)) {
+        PR_fprintf(errorFD, "unable to write sf metadata\n");
+        errorCount++;
+        exit(ERRX);
+    }
     JzipAdd(fullfn, tempfn, zipfile, compression_level);
 
     /* Add the rsa/dsa file to the zip archive normally */
     if (!xpi_arc) {
         /* rsa/dsa to zip */
-        sprintf(tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa"
-                                                                   : "rsa"));
-        sprintf(fullfn, "%s/%s", tree, tempfn);
+        count = snprintf(tempfn, sizeof(tempfn), "META-INF/%s.%s", base, (keyType == dsaKey ? "dsa" : "rsa"));
+        if (count >= sizeof(tempfn)) {
+            PR_fprintf(errorFD, "unable to write key metadata\n");
+            errorCount++;
+            exit(ERRX);
+        }
+        count = snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);
+        if (count >= sizeof(fullfn)) {
+            PR_fprintf(errorFD, "unable to write key metadata\n");
+            errorCount++;
+            exit(ERRX);
+        }
         JzipAdd(fullfn, tempfn, zipfile, compression_level);
     }
 
@@ -408,6 +442,7 @@ static int
 manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
 {
     char fullname[FNSIZE];
+    int count;
 
     if (verbosity >= 0) {
         PR_fprintf(outputFD, "--> %s\n", relpath);
@@ -421,7 +456,10 @@ manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, char *filename, voi
         if (!PL_HashTableLookup(extensions, ext))
             return 0;
     }
-    sprintf(fullname, "%s/%s", basedir, relpath);
+    count = snprintf(fullname, sizeof(fullname), "%s/%s", basedir, relpath);
+    if (count >= sizeof(fullname)) {
+        return 1;
+    }
     JzipAdd(fullname, relpath, zipfile, compression_level);
 
     return 0;
author	Moonchild <mcwerewolf@gmail.com>	2018-06-12 00:58:35 +0200
committer	GitHub <noreply@github.com>	2018-06-12 00:58:35 +0200
commit	b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387 (patch)
tree	40d946c5ff23b3c0c09558f478cc68e87cc71448 /security/nss/cmd/signtool
parent	b1d82a62259c6888ea6f3f71f3e0973ea4b4e85e (diff)
parent	505a561549b5226fd3c7905eaa61fe787dfad243 (diff)
download	UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.gz UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.lz UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.tar.xz UXP-b0f5f9bc6bb3c8b5ab7b5120dbf7ec48f8445387.zip