Many NSS commands do not detect failure of NSS_Init* functions

RESOLVED FIXED in 3.2

Status

NSS
Tools
P2
normal
RESOLVED FIXED
17 years ago
17 years ago

People

(Reporter: Nelson Bolyard (seldom reads bugmail), Assigned: Kirk Erickson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Recently all the commands in NSS were converted to use NSS's official 
initialization functions, e.g. NSS_Init, NSS_InitReadWrite, NSS_Initialize,
NSS_NoDB_Init, etc.  But many of the NSS commands do not check the 
value returned by those functions to see if they succeeded or not.

Every NSS command must check the return value of the NSS initialization
function to detect failure, and must output an appropriate error message
and stop if the initialization function failed.

Here is a list of NSS commands that fail to check the return value from
the NSS initialization function:

cmd/certcgi/certcgi.c:    NSS_InitReadWrite(DBdir);
cmd/certutil/certutil.c:    NSS_Initialize(SECU_ConfigDirectory(NULL),
cmd/crlutil/crlutil.c:    NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
cmd/modutil/modutil.c:  NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix,
cmd/p7content/p7content.c:    NSS_Init(SECU_ConfigDirectory(NULL));
cmd/p7env/p7env.c:    NSS_Init(SECU_ConfigDirectory(NULL));
cmd/p7sign/p7sign.c:    NSS_Init(SECU_ConfigDirectory(NULL));
cmd/p7verify/p7verify.c:    NSS_Init(SECU_ConfigDirectory(NULL));
cmd/pk12util/pk12util.c:    NSS_InitReadWrite(dir);
cmd/signtool/util.c:               NSS_Init(cert_dir);
cmd/signtool/util.c:                NSS_InitReadWrite(cert_dir);
cmd/signver/signver.c:  NSS_Init(SECU_ConfigDirectory(NULL));
cmd/bltest/blapitest.c:    NSS_NoDB_Init(NULL);
cmd/derdump/derdump.c:    NSS_NoDB_Init(NULL);  /* XXX */
(Reporter)

Comment 1

17 years ago
I'm going to fix certutil myself, since I need it to work right now.
Priority: -- → P2
Target Milestone: --- → 3.2

Comment 2

17 years ago
Kirk, could you take care of this bug (except certutil, which
Nelson will fix himself)?  Thanks.
Assignee: wtc → kirke
(Reporter)

Comment 3

17 years ago
This bug has been fixed in certutil.c (only) with rev 1.20.
(Assignee)

Comment 4

17 years ago
Introduced SECU_PrintPRandOSError(progName); to print on failure.  Each command
is responsible for exiting with appropriate status to distinguish failure
points.
Status: NEW → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.