summaryrefslogtreecommitdiffstats
path: root/security/nss/cmd/signtool
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-08-14 07:52:35 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-08-14 16:42:52 +0200
commitab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch)
tree5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/cmd/signtool
parentf44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff)
downloadUXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/cmd/signtool')
-rw-r--r--security/nss/cmd/signtool/javascript.c8
-rw-r--r--security/nss/cmd/signtool/sign.c68
-rw-r--r--security/nss/cmd/signtool/zip.c4
3 files changed, 41 insertions, 39 deletions
diff --git a/security/nss/cmd/signtool/javascript.c b/security/nss/cmd/signtool/javascript.c
index ffff2db59..58869aa61 100644
--- a/security/nss/cmd/signtool/javascript.c
+++ b/security/nss/cmd/signtool/javascript.c
@@ -1300,7 +1300,6 @@ extract_js(char *filename)
* Now we have a stream of tags and text. Go through and deal with each.
*/
for (curitem = head; curitem; curitem = curitem->next) {
- TagItem *tagp = NULL;
AVPair *pairp = NULL;
char *src = NULL, *id = NULL, *codebase = NULL;
PRBool hasEventHandler = PR_FALSE;
@@ -1669,11 +1668,14 @@ loser:
* Returns PR_SUCCESS if the directory is present, PR_FAILURE otherwise.
*/
static PRStatus
-ensureExists(char *base, char *path)
+ensureExists(char *basepath, char *path)
{
char fn[FNSIZE];
PRDir *dir;
- sprintf(fn, "%s/%s", base, path);
+ int c = snprintf(fn, sizeof(fn), "%s/%s", basepath, path);
+ if (c >= sizeof(fn)) {
+ return PR_FAILURE;
+ }
/*PR_fprintf(outputFD, "Trying to open directory %s.\n", fn);*/
diff --git a/security/nss/cmd/signtool/sign.c b/security/nss/cmd/signtool/sign.c
index 6f8e43946..534530947 100644
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -175,16 +175,16 @@ typedef struct {
*
*/
int
-SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
- char *install_script, int optimize, PRBool recurse)
+SignAllArc(char *jartree, char *keyName, int javascript, char *metafilename,
+ char *install_script, int optimize_level, PRBool recurse)
{
SignArcInfo info;
info.keyName = keyName;
info.javascript = javascript;
- info.metafile = metafile;
+ info.metafile = metafilename;
info.install_script = install_script;
- info.optimize = optimize;
+ info.optimize = optimize_level;
return foreach (jartree, "", sign_all_arc_fn, recurse,
PR_TRUE /*include dirs*/, (void *)&info);
@@ -194,7 +194,7 @@ static int
sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
void *arg)
{
- char *zipfile = NULL;
+ char *zipfilename = NULL;
char *arc = NULL, *archive = NULL;
int retval = 0;
SignArcInfo *infop = (SignArcInfo *)arg;
@@ -212,8 +212,8 @@ sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
}
archive = PR_smprintf("%s/%s", basedir, relpath);
- zipfile = PL_strdup(archive);
- arc = PORT_Strrchr(zipfile, '.');
+ zipfilename = PL_strdup(archive);
+ arc = PORT_Strrchr(zipfilename, '.');
if (arc == NULL) {
PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
@@ -225,17 +225,17 @@ sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
PL_strcpy(arc, ".jar");
if (verbosity >= 0) {
- PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
+ PR_fprintf(outputFD, "\nsigning: %s\n", zipfilename);
}
- retval = SignArchive(archive, infop->keyName, zipfile,
+ retval = SignArchive(archive, infop->keyName, zipfilename,
infop->javascript, infop->metafile, infop->install_script,
infop->optimize, PR_TRUE /* recurse */);
}
finish:
if (archive)
PR_Free(archive);
- if (zipfile)
- PR_Free(zipfile);
+ if (zipfilename)
+ PR_Free(zipfilename);
return retval;
}
@@ -707,8 +707,8 @@ SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert)
static int
generate_SF_file(char *manifile, char *who)
{
- FILE *sf;
- FILE *mf;
+ FILE *sfFile;
+ FILE *mfFile;
long r1, r2, r3;
char whofile[FNSIZE];
char *buf, *name = NULL;
@@ -718,12 +718,12 @@ generate_SF_file(char *manifile, char *who)
strcpy(whofile, who);
- if ((mf = fopen(manifile, "rb")) == NULL) {
+ if ((mfFile = fopen(manifile, "rb")) == NULL) {
perror(manifile);
exit(ERRX);
}
- if ((sf = fopen(whofile, "wb")) == NULL) {
+ if ((sfFile = fopen(whofile, "wb")) == NULL) {
perror(who);
exit(ERRX);
}
@@ -736,11 +736,11 @@ generate_SF_file(char *manifile, char *who)
if (buf == NULL || name == NULL)
out_of_memory();
- fprintf(sf, "Signature-Version: 1.0\n");
- fprintf(sf, "Created-By: %s\n", CREATOR);
- fprintf(sf, "Comments: %s\n", BREAKAGE);
+ fprintf(sfFile, "Signature-Version: 1.0\n");
+ fprintf(sfFile, "Created-By: %s\n", CREATOR);
+ fprintf(sfFile, "Comments: %s\n", BREAKAGE);
- if (fgets(buf, BUFSIZ, mf) == NULL) {
+ if (fgets(buf, BUFSIZ, mfFile) == NULL) {
PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
errorCount++;
exit(ERRX);
@@ -752,15 +752,15 @@ generate_SF_file(char *manifile, char *who)
exit(ERRX);
}
- fseek(mf, 0L, SEEK_SET);
+ fseek(mfFile, 0L, SEEK_SET);
/* Process blocks of headers, and calculate their hashen */
while (1) {
/* Beginning range */
- r1 = ftell(mf);
+ r1 = ftell(mfFile);
- if (fgets(name, BUFSIZ, mf) == NULL)
+ if (fgets(name, BUFSIZ, mfFile) == NULL)
break;
line++;
@@ -774,46 +774,46 @@ generate_SF_file(char *manifile, char *who)
}
r2 = r1;
- while (fgets(buf, BUFSIZ, mf)) {
+ while (fgets(buf, BUFSIZ, mfFile)) {
if (*buf == 0 || *buf == '\n' || *buf == '\r')
break;
line++;
/* Ending range for hashing */
- r2 = ftell(mf);
+ r2 = ftell(mfFile);
}
- r3 = ftell(mf);
+ r3 = ftell(mfFile);
if (r1) {
- fprintf(sf, "\n");
- fprintf(sf, "%s", name);
+ fprintf(sfFile, "\n");
+ fprintf(sfFile, "%s", name);
}
- calculate_MD5_range(mf, r1, r2, &dig);
+ calculate_MD5_range(mfFile, r1, r2, &dig);
if (optimize == 0) {
- fprintf(sf, "Digest-Algorithms: MD5 SHA1\n");
+ fprintf(sfFile, "Digest-Algorithms: MD5 SHA1\n");
md5 = BTOA_DataToAscii(dig.md5, MD5_LENGTH);
- fprintf(sf, "MD5-Digest: %s\n", md5);
+ fprintf(sfFile, "MD5-Digest: %s\n", md5);
PORT_Free(md5);
}
sha1 = BTOA_DataToAscii(dig.sha1, SHA1_LENGTH);
- fprintf(sf, "SHA1-Digest: %s\n", sha1);
+ fprintf(sfFile, "SHA1-Digest: %s\n", sha1);
PORT_Free(sha1);
/* restore normalcy after changing offset position */
- fseek(mf, r3, SEEK_SET);
+ fseek(mfFile, r3, SEEK_SET);
}
PORT_Free(buf);
PORT_Free(name);
- fclose(sf);
- fclose(mf);
+ fclose(sfFile);
+ fclose(mfFile);
return 0;
}
diff --git a/security/nss/cmd/signtool/zip.c b/security/nss/cmd/signtool/zip.c
index 35d5f5733..aeb5d6c54 100644
--- a/security/nss/cmd/signtool/zip.c
+++ b/security/nss/cmd/signtool/zip.c
@@ -129,7 +129,7 @@ handle_zerror(int err, char *msg)
* been opened with JzipOpen.
*/
int
-JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
+JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int lvl)
{
ZIPentry *entry;
PRFileDesc *readfp;
@@ -319,7 +319,7 @@ JzipAdd(char *fullname, char *filename, ZIPfile *zipfile, int compression_level)
* It causes zlib to leave out its headers and footers, which don't
* work in PKZIP files.
*/
- err = deflateInit2(&zstream, compression_level, Z_DEFLATED,
+ err = deflateInit2(&zstream, lvl, Z_DEFLATED,
-MAX_WBITS, 8 /*default*/, Z_DEFAULT_STRATEGY);
if (err != Z_OK) {
handle_zerror(err, zstream.msg);