author | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-01-06 15:14:54 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2019-01-06 15:14:54 +0100 |
commit | cc6a935ce54b573c1efd7533aff00e7bf0a9959c (patch) | |
tree | c8ad266edb7ea1e7b93aaaaa98847cf662373668 /security/nss/cmd/modutil | |
parent | d129c900c9f943adb69c1fb20ba1a029fdd95cff (diff) | |
parent | 9f4afc2552a67cc675b8b8af2ecb8ebc04a473a7 (diff) | |
Merge branch 'master' into Pale_Moon-release
# Conflicts:
# application/palemoon/components/feeds/FeedWriter.js
# application/palemoon/config/version.txt
# security/manager/ssl/nsSTSPreloadList.errors
# security/manager/ssl/nsSTSPreloadList.inc
Diffstat (limited to 'security/nss/cmd/modutil')
-rw-r--r-- | security/nss/cmd/modutil/error.h | 1 | ||||
-rw-r--r-- | security/nss/cmd/modutil/modutil.c | 28 | ||||
-rw-r--r-- | security/nss/cmd/modutil/modutil.h | 1 | ||||
-rw-r--r-- | security/nss/cmd/modutil/pk11.c | 49 |
4 files changed, 78 insertions, 1 deletions
diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h
index d9f06592f..33ed7bde7 100644
--- a/security/nss/cmd/modutil/error.h
+++ b/security/nss/cmd/modutil/error.h
@@ -131,6 +131,7 @@ typedef enum {
 UNDEFAULT_SUCCESS_MSG,
 BROWSER_RUNNING_MSG,
 ABORTING_MSG,
+ P11_KIT_ENABLED_MSG,
 LAST_MSG /* must be last */
 } Message;
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index c1b44be53..f04ad3d92 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -138,7 +138,11 @@ char* msgStrings[] = {
 "\ncorruption of your security databases. If the browser is currently running,"
 "\nyou should exit browser before continuing this operation. Type "
 "\n'q <enter>' to abort, or <enter> to continue: ",
- "\nAborting...\n"
+ "\nAborting...\n",
+ "\nWARNING: Manually adding a module while p11-kit is enabled could cause"
+ "\nduplicate module registration in your security database. It is suggested "
+ "\nto configure the module through p11-kit configuration file instead.\n"
+ "\nType 'q <enter>' to abort, or <enter> to continue: "
 };
 /* Increment i if doing so would have i still be less than j. If you
@@ -856,6 +860,28 @@ main(int argc, char* argv[])
 goto loser;
 }
+ /* Warn if we are adding a module while p11-kit is enabled in the
+ * database. */
+ if ((command == ADD_COMMAND || command == RAW_ADD_COMMAND) &&
+ IsP11KitEnabled()) {
+ char* response;
+
+ PR_fprintf(PR_STDOUT, msgStrings[P11_KIT_ENABLED_MSG]);
+ if (!PR_fgets(stdinbuf, STDINBUF_SIZE, PR_STDIN)) {
+ PR_fprintf(PR_STDERR, errStrings[STDIN_READ_ERR]);
+ errcode = STDIN_READ_ERR;
+ goto loser;
+ }
+ if ((response = strtok(stdinbuf, " \r\n\t"))) {
+ if (!PL_strcasecmp(response, "q")) {
+ PR_fprintf(PR_STDOUT, msgStrings[ABORTING_MSG]);
+ errcode = SUCCESS;
+ goto loser;
+ }
+ }
+ PR_fprintf(PR_STDOUT, "\n");
+ }
+
 /* Execute the command */
 switch (command) {
 case ADD_COMMAND:
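Review bot: The confirmation prompt added to main() in modutil.c reads stdin whenever `IsP11KitEnabled()` is true, and nothing in the visible condition lets a non-interactive caller bypass it. A scripted add or raw-add will therefore either block on the read or stop with `STDIN_READ_ERR`. If the part of main() outside this hunk already honours modutil's `-force` option for its other interactive warning, this block should be gated the same way and only print the warning in that mode. Separately, the table entry is passed as the format string; `PR_fprintf(PR_STDOUT, "%s", msgStrings[P11_KIT_ENABLED_MSG]);` keeps a future `%` in the message text from being interpreted. The body of main() continues outside the hunk.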
diff --git a/security/nss/cmd/modutil/modutil.h b/security/nss/cmd/modutil/modutil.h
index 04aa908c8..1981fec7b 100644
--- a/security/nss/cmd/modutil/modutil.h
+++ b/security/nss/cmd/modutil/modutil.h
@@ -36,6 +36,7 @@ Error RawAddModule(char *dbmodulespec, char *modulespec);
 Error RawListModule(char *modulespec);
 Error SetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
 Error UnsetDefaultModule(char *moduleName, char *slotName, char *mechanisms);
+PRBool IsP11KitEnabled(void);
 void out_of_memory(void);
 #endif /*MODUTIL_H*/
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c
index 1efc1895c..6d17a3365 100644
--- a/security/nss/cmd/modutil/pk11.c
+++ b/security/nss/cmd/modutil/pk11.c
@@ -259,6 +259,55 @@ getStringFromFlags(unsigned long flags, const MaskString array[], int elements)
 return buf;
 }
+static PRBool
+IsP11KitProxyModule(SECMODModule *module)
+{
+ CK_INFO modinfo;
+ static const char p11KitManufacturerID[33] =
+ "PKCS#11 Kit ";
+ static const char p11KitLibraryDescription[33] =
+ "PKCS#11 Kit Proxy Module ";
+
+ if (PK11_GetModInfo(module, &modinfo) == SECSuccess &&
+ PORT_Memcmp(modinfo.manufacturerID,
+ p11KitManufacturerID,
+ sizeof(modinfo.manufacturerID)) == 0 &&
+ PORT_Memcmp(modinfo.libraryDescription,
+ p11KitLibraryDescription,
+ sizeof(modinfo.libraryDescription)) == 0) {
+ return PR_TRUE;
+ }
+
+ return PR_FALSE;
+}
+
+PRBool
+IsP11KitEnabled(void)
+{
+ SECMODListLock *lock;
+ SECMODModuleList *mlp;
+ PRBool found = PR_FALSE;
+
+ lock = SECMOD_GetDefaultModuleListLock();
+ if (!lock) {
+ PR_fprintf(PR_STDERR, errStrings[NO_LIST_LOCK_ERR]);
+ return found;
+ }
+
+ SECMOD_GetReadLock(lock);
+
+ mlp = SECMOD_GetDefaultModuleList();
+ for (; mlp != NULL; mlp = mlp->next) {
+ if (IsP11KitProxyModule(mlp->module)) {
+ found = PR_TRUE;
+ break;
+ }
+ }
+
+ SECMOD_ReleaseReadLock(lock);
+ return found;
+}
+
 /**********************************************************************
 *
 * A d d M o d u l e |
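Review bot: IsP11KitProxyModule() in pk11.c compares the full `sizeof(modinfo.manufacturerID)` and `sizeof(modinfo.libraryDescription)` bytes against the two `[33]` literals, so it matches only if each literal is blank-padded to the full field width. That requirement is undocumented, and the padding cannot be checked in this rendering. A comment above the constants would protect it, for example `/* CK_INFO text fields are fixed-width and blank-padded, not NUL-terminated; keep each literal padded to the full field width. */`. The match also relies on strings the module reports about itself, so the function's doc comment should call the result an advisory heuristic. IsP11KitEnabled() returns `PR_FALSE` when the list lock is unavailable, which means the caller skips the warning in that case; a one-line comment at that return would make the choice explicit.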