[Fedora-directory-commits] adminutil/lib/libadmsslutil admsslutil.c, 1.2, 1.3

Richard Allen Megginson (rmeggins) fedora-directory-commits at redhat.com
Wed Mar 22 23:47:27 UTC 2006


Author: rmeggins

Update of /cvs/dirsec/adminutil/lib/libadmsslutil
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11998/adminutil/lib/libadmsslutil

Modified Files:
	admsslutil.c 
Log Message:
Bug(s) fixed: 186280
Bug Description: Close potential security vulnerabilities in CGI code
Reviewed by: Noriko (Thanks!)
Fix Description: The code was already pretty clean in terms of buffer 
access.  I added some malloc return checking, used some nspr functions 
where applicable, removed some dead code, and fixed a couple of small 
memory leaks.
Platforms tested: Fedora Core 5
Flag Day: no
Doc impact: no
QA impact: should be covered by regular nightly and manual testing
New Tests integrated into TET: none



Index: admsslutil.c
===================================================================
RCS file: /cvs/dirsec/adminutil/lib/libadmsslutil/admsslutil.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- admsslutil.c	6 Dec 2005 18:38:42 -0000	1.2
+++ admsslutil.c	22 Mar 2006 23:47:20 -0000	1.3
@@ -144,20 +144,12 @@
         filename++; /* Skip '/' */
     }
 
-    /* basename is either "-cert" or "-key" */
-    base = strstr(filename, basename);
+    /* basename is either "-cert" or "-key" - look for last occurance */
+    base = PL_strrstr(filename, basename);
     if (base == NULL) {
         return;
     }
 
-    /*
-     *  Find the last occurrence of basename in filename in an unlikely 
-     *  scenario that basename (-key or -cert) appears in the prefix
-    */
-    while (strstr(base+1, basename) != NULL) {
-        base = strstr(base+1, basename);
-    }
-
     /* Include '-' into prefix */
     prefixLen = base-filename+1;
     if (prefixLen > maxprefixlen) {
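Review bot: The replacement comment above `PL_strrstr` drops the rationale that the removed block comment carried, and misspells "occurrence". The reason for taking the last match (the prefix itself may contain "-key" or "-cert") is what stops a later edit from switching back to a first-match search and mis-splitting the filename. Something like `/* basename is "-cert" or "-key"; use the last occurrence because the prefix itself may contain that substring */` would keep it. The enclosing function starts and ends outside this hunk.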
@@ -188,6 +180,10 @@
 
   /* PKSC11 module must be configured before NSS is initialized */
   db_name = PL_strdup("internal (software)              ");
+  if (!db_name) {
+      return -1;
+  }
+
   PK11_ConfigurePKCS11(NULL,NULL,NULL,db_name,NULL, NULL,NULL,NULL,
                        /*minPwdLen=*/8, /*pwdRequired=*/1);
  
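Review bot: The new NULL check covers the failed `PL_strdup`, but nothing in this hunk shows the `db_name` copy being released after `PK11_ConfigurePKCS11` returns. If that call keeps its own copy of the description string (worth confirming against the NSS version in use), the buffer should be released once the call is done, e.g. `PL_strfree(db_name); db_name = NULL;`, unless a later line outside the hunk already does so. The new `return -1` also gives the caller no indication that the failure was an allocation failure. A comment such as `/* out of memory: NSS not initialized */` on that branch would help. The function body continues outside the hunk.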
@@ -272,7 +268,11 @@
 
   if((!certdbFile) || (!keydbFile) || (!admroot)) return -1;
 
-  return initNSS(certdbFile, keydbFile);
+  errCode = initNSS(certdbFile, keydbFile);
+  PL_Free(certdbFile);
+  PL_Free(keydbFile);
+
+  return errCode;
 }
 
 void servssl_error(char *fmt, ...)
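Review bot: The early return on the context line `if((!certdbFile) || (!keydbFile) || (!admroot)) return -1;` still leaks whichever of `certdbFile` and `keydbFile` was allocated when one of the other values is NULL. The frees added after `initNSS()` only run when all three are non-NULL. The guard could release both before returning, e.g. `if (!certdbFile || !keydbFile || !admroot) { PL_Free(certdbFile); PL_Free(keydbFile); return -1; }`, provided the release call accepts NULL. The allocations are outside this hunk, so confirm that `PL_Free` matches how the strings were created (`PL_strfree` pairs with `PL_strdup`, `PR_smprintf_free` with `PR_smprintf`). Also confirm whether `admroot` is owned by this function.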
@@ -763,66 +763,6 @@
   }
   
   fclose(f);
-
-#ifdef NES
-  /* add/edit field in magnus.conf */
-  modified_security = 0;
-  linecnt = 0;
-  PR_snprintf(filename, sizeof(filename),
-              "%s/admin-serv/config/magnus.conf", sroot);
-  
-  f = fopen(filename, "r");
-  if (f==NULL) {
-    servssl_error("Can not open magnus.conf for reading");
-  }
-  
-  while(fgets(inbuf, sizeof(inbuf), f) != NULL) {
-    if(lines[linecnt] != NULL)
-      PR_Free(lines[linecnt]);
-    if ((strstr(inbuf,"Security ") == inbuf) &&
-        (security && *security != '\0')) { 
-      /* Line starts with "Security" */
-      col = strrchr(inbuf,' ');
-      if (col == NULL) {
-        servssl_error("Bad format for security field in magnus.conf");
-      }
-      *col=0;
-      PR_snprintf(buf, sizeof(buf), "%s %s\n", inbuf, security);
-      lines[linecnt++] = PL_strdup(buf);
-      modified_security=1;
-    }
-    else {
-      lines[linecnt++] = PL_strdup(inbuf);
-    }
-  }        
-  fclose(f);
-  
-  if ((!modified_security) &&
-      (security && *security != '\0')) {
-    /* security not found - put it in */
-    if(lines[linecnt] != NULL)
-      PR_Free(lines[linecnt]);
-    PR_snprintf(buf, sizeof(buf), "Security %s\n", security);
-    lines[linecnt++] = PL_strdup(buf);
-  }
-  
-  f = fopen(filename, "w");
-  if (f==NULL) {
-    fclose(f);
-    servssl_error("Can not open magnus.conf for writing");
-  }
-  
-  for (i=0; i < linecnt; i++) {
-    fprintf(f, "%s", lines[i]);
-  }
-  
-  fclose(f);
-
-  for(i=0; i<50; i++) {
-    if(lines[i] != NULL)
-      PR_Free(lines[i]);
-  }
-#endif /* NES */
 }
 
 



