1319856 - Crypto policy configuration files require empty line at end of file

Status: RESOLVED FIXED

(NSS :: Libraries, defect)

Description

[Alicja Kario]

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161114215630

Steps to reproduce:

Created a crypto-policy file that disallows sha1 signatures:

cat > policy.txt <<EOF
library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=sha1"
EOF'


Actual results:

SHA-1 signatures were still accepted by tstclnt and selfserv


Expected results:

the policy file should have the same meaning if it includes the empty line at the end of a single section as well as when it excludes it.

IOW, this works as expected:
cat > policy.txt <<EOF
library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=sha1"

EOF'

Comment 1

[Daiki Ueno [:ueno]]

Attachment: proposed patch

This patch changes the pkcs11.txt parser, which is also used for parsing policy files, to recognize the final stanza even if it doesn't end with an empty newline.

Comment 2

[Robert Relyea]

Comment on attachment 8814398 [details] [diff] [review]
proposed patch

Review of attachment 8814398 [details] [diff] [review]:
-----------------------------------------------------------------

r+ rrelyea

Comment 3

[Kai Engert [:KaiE:]]

Bob, Daiki,

since Daiki doesn't have commit access yet, either the reviewer must do the commit, or if they don't do it, you must remember to explicitly ask someone with access to do the commit.

Comment 4

[Kai Engert [:KaiE:]]

try build:
https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=e6b34c65fe3bab58ea67ae021c480d8c37e5f64d

Comment 5

[Kai Engert [:KaiE:]]

https://hg.mozilla.org/projects/nss/rev/35ecce237181