Diffstat (limited to 'security/manager/ssl/nsNSSComponent.cpp')
-rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 102 |
1 files changed, 39 insertions, 63 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 4d6c3963f..897b5743c 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -12,6 +12,9 @@
 #include "SharedSSLState.h"
 #include "cert.h"
 #include "certdb.h"
+#ifdef MOZ_SECURITY_SQLSTORE
+#include "mozStorageCID.h"
+#endif
 #include "mozilla/ArrayUtils.h"
 #include "mozilla/Casting.h"
 #include "mozilla/Preferences.h"
@@ -1267,26 +1270,19 @@ nsNSSComponent::InitializePIPNSSBundle()
 nsresult rv;
 nsCOMPtr<nsIStringBundleService> bundleService(do_GetService(NS_STRINGBUNDLE_CONTRACTID, &rv));
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
- MOZ_RELEASE_ASSERT(bundleService);
-#endif
+
 if (NS_FAILED(rv) || !bundleService) return NS_ERROR_FAILURE;
 bundleService->CreateBundle("chrome://pipnss/locale/pipnss.properties", getter_AddRefs(mPIPNSSBundle));
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(mPIPNSSBundle);
-#endif
+
 if (!mPIPNSSBundle) rv = NS_ERROR_FAILURE;
 bundleService->CreateBundle("chrome://pipnss/locale/nsserrors.properties", getter_AddRefs(mNSSErrorsBundle));
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(mNSSErrorsBundle);
-#endif
+
 if (!mNSSErrorsBundle) rv = NS_ERROR_FAILURE;
@@ -1488,9 +1484,7 @@ CipherSuiteChangeObserver::StartObserve()
 if (!sObserver) {
 RefPtr<CipherSuiteChangeObserver> observer = new CipherSuiteChangeObserver();
 nsresult rv = Preferences::AddStrongObserver(observer.get(), "security.");
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 sObserver = nullptr;
 return rv;
@@ -1712,21 +1706,28 @@ GetNSSProfilePath(nsAutoCString& aProfilePath)
 }
 #if defined(XP_WIN)
- // Native path will drop Unicode characters that cannot be mapped to system's
- // codepage, using short (canonical) path as workaround.
 nsCOMPtr<nsILocalFileWin> profileFileWin(do_QueryInterface(profileFile));
 if (!profileFileWin) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Could not get nsILocalFileWin for profile directory.\n"));
 return NS_ERROR_FAILURE;
 }
+#ifdef MOZ_SECURITY_SQLSTORE
+ // SQLite always takes UTF-8 file paths regardless of the current system
+ // code page.
+ nsAutoString u16ProfilePath;
+ rv = profileFileWin->GetCanonicalPath(u16ProfilePath);
+ CopyUTF16toUTF8(u16ProfilePath, aProfilePath);
+#else
+ // Native path will drop Unicode characters that cannot be mapped to system's
+ // codepage, using short (canonical) path as workaround.
 rv = profileFileWin->GetNativeCanonicalPath(aProfilePath);
+#endif
 #else
+ // On non-Windows, just get the native profile path.
 rv = profileFile->GetNativePath(aProfilePath);
 #endif
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Could not get native path for profile directory.\n"));
@@ -1754,9 +1755,6 @@ nsNSSComponent::InitializeNSS()
 MutexAutoLock lock(mutex);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(!mNSSInitialized);
-#endif
 if (mNSSInitialized) {
 // We should never try to initialize NSS more than once in a process.
 MOZ_ASSERT_UNREACHABLE("Trying to initialize NSS twice");
@@ -1775,9 +1773,7 @@ nsNSSComponent::InitializeNSS()
 nsAutoCString profileStr;
 nsresult rv = GetNSSProfilePath(profileStr);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 return NS_ERROR_NOT_AVAILABLE;
 }
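Review bot: In GetNSSProfilePath's `MOZ_SECURITY_SQLSTORE` branch the out-parameter becomes UTF-8, while the `#else` branch and the non-Windows branch still return a native-encoding path, and nothing in the visible lines tells callers which one they get. A comment at the function head would settle it, for example `// aProfilePath: UTF-8 on Windows when MOZ_SECURITY_SQLSTORE is defined, native encoding otherwise`. In the same branch `CopyUTF16toUTF8(u16ProfilePath, aProfilePath);` runs before `rv` from `GetCanonicalPath` is tested; guarding it with `if (NS_SUCCEEDED(rv))` keeps a failed lookup from writing the out-parameter. The error text after the final `#endif` still says "native path" for both cases. The function starts and ends outside the hunk.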
@@ -1791,9 +1787,7 @@ nsNSSComponent::InitializeNSS()
 // modules will be loaded).
 if (runtime) {
 rv = runtime->GetInSafeMode(&inSafeMode);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 return rv;
 }
@@ -1818,14 +1812,9 @@ nsNSSComponent::InitializeNSS()
 // pref has been set to "true", attempt to initialize with no DB.
 if (nocertdb || init_rv != SECSuccess) {
 init_rv = NSS_NoDB_Init(nullptr);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(init_rv == SECSuccess);
-#endif
 }
+
 if (init_rv != SECSuccess) {
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(false);
-#endif
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("could not initialize NSS - panicking\n"));
 return NS_ERROR_NOT_AVAILABLE;
 }
@@ -1847,9 +1836,7 @@ nsNSSComponent::InitializeNSS()
 SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, false);
 rv = setEnabledTLSVersions();
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 return NS_ERROR_UNEXPECTED;
 }
@@ -1858,9 +1845,7 @@ nsNSSComponent::InitializeNSS()
 LoadLoadableRoots();
 rv = LoadExtendedValidationInfo();
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("failed to load EV info"));
 return rv;
@@ -1900,18 +1885,14 @@ nsNSSComponent::InitializeNSS()
 ENABLED_0RTT_DATA_DEFAULT));
 if (NS_FAILED(InitializeCipherSuite())) {
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(false);
-#endif
+
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to initialize cipher suite settings\n"));
 return NS_ERROR_FAILURE;
 }
 // ensure the CertBlocklist is initialised
 nsCOMPtr<nsICertBlocklist> certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(certList);
-#endif
+
 if (!certList) {
 return NS_ERROR_FAILURE;
 }
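Review bot: In the hunk at `-1818,14`, the fallback `init_rv = NSS_NoDB_Init(nullptr);` is taken both when the `nocertdb` pref asks for it and when the database init failed, and the visible lines log nothing to tell the two apart. A session that silently runs without the profile's certificate database is worth a trace; inside the block, before the call, something like `if (!nocertdb) MOZ_LOG(gPIPNSSLog, LogLevel::Warning, ("cert DB init failed, using NSS_NoDB_Init\n"));` would do. Lines of InitializeNSS above the hunk may already log the first failure, so check there before adding it.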
@@ -1928,9 +1909,7 @@ nsNSSComponent::InitializeNSS()
 // Initialize the site security service
 nsCOMPtr<nsISiteSecurityService> sssService = do_GetService(NS_SSSERVICE_CONTRACTID);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(sssService);
-#endif
+
 if (!sssService) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize site security service\n"));
 return NS_ERROR_FAILURE;
@@ -1939,9 +1918,7 @@ nsNSSComponent::InitializeNSS()
 // Initialize the cert override service
 nsCOMPtr<nsICertOverrideService> coService = do_GetService(NS_CERTOVERRIDE_CONTRACTID);
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(coService);
-#endif
+
 if (!coService) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Cannot initialize cert override service\n"));
 return NS_ERROR_FAILURE;
@@ -2005,14 +1982,20 @@ nsNSSComponent::Init()
 return NS_ERROR_NOT_SAME_THREAD;
 }
+#ifdef MOZ_SECURITY_SQLSTORE
+ // To avoid an sqlite3_config race in NSS init, we require the storage service to get initialized first.
+ nsCOMPtr<nsISupports> storageService = do_GetService(MOZ_STORAGE_SERVICE_CONTRACTID);
+ if (!storageService) {
+ return NS_ERROR_NOT_AVAILABLE;
+ }
+#endif
+
 nsresult rv = NS_OK;
 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("Beginning NSS initialization\n"));
 rv = InitializePIPNSSBundle();
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to create pipnss bundle.\n"));
 return rv;
@@ -2033,9 +2016,7 @@ nsNSSComponent::Init()
 rv = InitializeNSS();
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(NS_SUCCEEDED(rv));
-#endif
+
 if (NS_FAILED(rv)) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("nsNSSComponent::InitializeNSS() failed\n"));
@@ -2197,9 +2178,7 @@ nsNSSComponent::RegisterObservers()
 nsCOMPtr<nsIObserverService> observerService( do_GetService("@mozilla.org/observer-service;1"));
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(observerService);
-#endif
+
 if (!observerService) {
 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("nsNSSComponent: couldn't get observer service\n"));
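Review bot: The failure path for `sssService` in the hunk at `-1928,9`, the one for `coService` at `-1939,9` and the one for `observerService` in RegisterObservers log at `LogLevel::Debug`, while the other init failures shown in this patch use `LogLevel::Error`. The first two abort NSS initialisation with `NS_ERROR_FAILURE`, so they leave no trace unless debug-level logging is enabled. `MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Cannot initialize site security service\n"));` and the same level on the other two would match the rest. The enclosing functions continue outside these hunks.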
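Review bot: The new `MOZ_SECURITY_SQLSTORE` block in Init returns `NS_ERROR_NOT_AVAILABLE` without logging when the storage service cannot be obtained, unlike the failure paths just below it. Adding `MOZ_LOG(gPIPNSSLog, LogLevel::Error, ("Unable to get storage service before NSS init\n"));` inside the `if (!storageService)` block would make this early exit diagnosable. The comment could also say that `storageService` is fetched only for its initialisation side effect and is otherwise unused, so nobody later removes it as dead code. Init's body continues outside the hunk.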
@@ -2421,9 +2400,6 @@ InitializeCipherSuite()
 NS_ASSERTION(NS_IsMainThread(), "InitializeCipherSuite() can only be accessed in main thread");
 if (NSS_SetDomesticPolicy() != SECSuccess) {
-#ifdef ANDROID
- MOZ_RELEASE_ASSERT(false);
-#endif
 return NS_ERROR_FAILURE;
 } |