From ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 Mon Sep 17 00:00:00 2001
From: wolfbeast <mcwerewolf@gmail.com>
Date: Tue, 14 Aug 2018 07:52:35 +0200
Subject: Update NSS to 3.38

- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
---
 security/nss/cmd/httpserv/httpserv.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

(limited to 'security/nss/cmd/httpserv')

diff --git a/security/nss/cmd/httpserv/httpserv.c b/security/nss/cmd/httpserv/httpserv.c
index 7cf28c65a..71e2ab88d 100644
--- a/security/nss/cmd/httpserv/httpserv.c
+++ b/security/nss/cmd/httpserv/httpserv.c
@@ -682,6 +682,7 @@ handle_connection(
                 }
                 if (arena) {
                     PORT_FreeArena(arena, PR_FALSE);
+                    arena = NULL;
                 }
                 if (!request || !request->tbsRequest ||
                     !request->tbsRequest->requestList ||
@@ -753,11 +754,11 @@ handle_connection(
 
                     {
                         PRTime now = PR_Now();
-                        PLArenaPool *arena = NULL;
                         CERTOCSPSingleResponse *sr;
                         CERTOCSPSingleResponse **singleResponses;
                         SECItem *ocspResponse;
 
+                        PORT_Assert(!arena);
                         arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
 
                         if (unknown) {
@@ -787,8 +788,8 @@ handle_connection(
                         } else {
                             PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
                             PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
-                            PORT_FreeArena(arena, PR_FALSE);
                         }
+                        PORT_FreeArena(arena, PR_FALSE);
                     }
                     CERT_DestroyOCSPRequest(request);
                     break;
@@ -1357,7 +1358,6 @@ main(int argc, char **argv)
             caRevoIter = &caRevoInfos->link;
             do {
                 PRFileDesc *inFile;
-                int rv = SECFailure;
                 SECItem crlDER;
                 crlDER.data = NULL;
 
@@ -1413,11 +1413,9 @@ main(int argc, char **argv)
 
     if (provideOcsp) {
         if (caRevoInfos) {
-            PRCList *caRevoIter;
-
             caRevoIter = &caRevoInfos->link;
             do {
-                caRevoInfo *revoInfo = (caRevoInfo *)caRevoIter;
+                revoInfo = (caRevoInfo *)caRevoIter;
                 if (revoInfo->nickname)
                     PORT_Free(revoInfo->nickname);
                 if (revoInfo->crlFilename)
-- 
cgit v1.2.3