Closed
Bug 495097
Opened 15 years ago
Closed 15 years ago
sdb_mapSQLError returns signed int, causing sign extension on 64-bit platforms
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.4
People
(Reporter: wtc, Assigned: rrelyea)
References
Details
(Whiteboard: FIPS)
Attachments
(1 file, 1 obsolete file)
4.28 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
sdb_mapSQLError maps SQLite errors to PKCS #11 errors, but it is incorrectly declared to return (signed) int. When its return value is assigned to CK_RV, which is unsigned long, on 64-bit platforms, sign extension occurs. The sign extension causes CKR_NETSCAPE_CERTDB_FAILED (0xce534351) to become 0xffffffffcd534351. A place where accurate error reporting is important is http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/pk11wrap/pk11load.c&rev=1.25&mark=146,153-158,164#122 If I call NSS_InitReadWrite(sql:/home/wtc/.pki/nssdb) and the directory doesn't exist, I get the confusing SEC_ERROR_INVALID_ARGS error because the wrong error code causes secmod_ModuleInit to call the softoken again with C_Initialize(NULL), and that fails with SEC_ERROR_INVALID_ARGS.
Attachment #379924 -
Flags: review?(rrelyea)
Reporter | ||
Comment 1•15 years ago
|
||
Attachment #379932 -
Flags: review?(rrelyea)
Reporter | ||
Updated•15 years ago
|
Attachment #379924 -
Attachment is obsolete: true
Attachment #379924 -
Flags: review?(rrelyea)
Assignee | ||
Comment 2•15 years ago
|
||
Comment on attachment 379932 [details] [diff] [review] Proposed patch with regression test Though there should already be a test case for this called db test, it may be better to make sure dbtest checks for the correct SEC_ERROR error code. Also old off fix check in. We are likely to be doing a respin for FIPS, and I'd like to collect this one with the FIPS respin.
Attachment #379932 -
Flags: review?(rrelyea) → review+
Updated•15 years ago
|
Priority: -- → P1
Whiteboard: FIPS [Awaiting Softoken's Thaw]
Version: unspecified → 3.12
Reporter | ||
Comment 3•15 years ago
|
||
Bob, could you check in my patch for me? I'm not following the respin for FIPS, so I'm afraid that I may miss the right time to check this in. Thanks. I can move the regression test to dbtest.c later.
Assignee: wtc → rrelyea
Assignee | ||
Comment 4•15 years ago
|
||
To problem. You'ved marked it as fips and assigned it to me... so we are set. bob
Status: NEW → ASSIGNED
Assignee | ||
Comment 5•15 years ago
|
||
RCS file: /cvsroot/mozilla/security/nss/cmd/tests/baddbdir.c,v done Checking in cmd/tests/baddbdir.c; /cvsroot/mozilla/security/nss/cmd/tests/baddbdir.c,v <-- baddbdir.c initial revision: 1.1 done Checking in cmd/tests/manifest.mn; /cvsroot/mozilla/security/nss/cmd/tests/manifest.mn,v <-- manifest.mn new revision: 1.8; previous revision: 1.7 done Checking in lib/softoken/sdb.c; /cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v <-- sdb.c new revision: 1.13; previous revision: 1.12 done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•15 years ago
|
Whiteboard: FIPS [Awaiting Softoken's Thaw] → FIPS
You need to log in
before you can comment on or make changes to this bug.
Description
•