1 Based on upstream changeset:
2 https://hg.mozilla.org/releases/mozilla-esr60/rev/300efdbc9fe1
3 but with the git binary patch and related test changes omitted,
4 and adapted to apply cleanly to GNU IceCat.
7 # User David Keeler <dkeeler@mozilla.com>
8 # Date 1531860660 25200
9 # Node ID 300efdbc9fe1f9165428c7934861033935b5abfa
10 # Parent 80a4a7ef281374dbb2afda8edac54665b14b9ef8
11 Bug 1475775 - Clean up old NSS DB file after upgrade if necessary. r=franziskus, r=mattn, a=RyanVM
13 Reviewers: franziskus, mattn
17 Differential Revision: https://phabricator.services.mozilla.com/D2202
19 diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
20 --- a/security/manager/ssl/nsNSSComponent.cpp
21 +++ b/security/manager/ssl/nsNSSComponent.cpp
22 @@ -1935,16 +1935,61 @@ AttemptToRenameBothPKCS11ModuleDBVersion
23 NS_NAMED_LITERAL_CSTRING(sqlModuleDBFilename, "pkcs11.txt");
24 nsresult rv = AttemptToRenamePKCS11ModuleDB(profilePath,
25 legacyModuleDBFilename);
29 return AttemptToRenamePKCS11ModuleDB(profilePath, sqlModuleDBFilename);
32 +// When we changed from the old dbm database format to the newer sqlite
33 +// implementation, the upgrade process left behind the existing files. Suppose a
34 +// user had not set a password for the old key3.db (which is about 99% of
35 +// users). After upgrading, both the old database and the new database are
36 +// unprotected. If the user then sets a password for the new database, the old
37 +// one will not be protected. In this scenario, we should probably just remove
38 +// the old database (it would only be relevant if the user downgraded to a
39 +// version of IceCat before 58, but we have to trade this off against the
40 +// user's old private keys being unexpectedly unprotected after setting a
42 +// This was never an issue on Android because we always used the new
45 +MaybeCleanUpOldNSSFiles(const nsACString& profilePath)
47 + UniquePK11SlotInfo slot(PK11_GetInternalKeySlot());
51 + // Unfortunately we can't now tell the difference between "there already was a
52 + // password when the upgrade happened" and "there was not a password but then
53 + // the user added one after upgrading".
54 + bool hasPassword = PK11_NeedLogin(slot.get()) &&
55 + !PK11_NeedUserInit(slot.get());
59 + nsCOMPtr<nsIFile> dbFile = do_CreateInstance("@mozilla.org/file/local;1");
63 + nsresult rv = dbFile->InitWithNativePath(profilePath);
64 + if (NS_FAILED(rv)) {
67 + NS_NAMED_LITERAL_CSTRING(keyDBFilename, "key3.db");
68 + rv = dbFile->AppendNative(keyDBFilename);
69 + if (NS_FAILED(rv)) {
72 + // Since this isn't a directory, the `recursive` argument to `Remove` is
74 + Unused << dbFile->Remove(false);
76 #endif // ifndef ANDROID
78 // Given a profile directory, attempt to initialize NSS. If nocertdb is true,
79 // (or if we don't have a profile directory) simply initialize NSS in no DB mode
80 // and return. Otherwise, first attempt to initialize in read/write mode, and
81 // then read-only mode if that fails. If both attempts fail, we may be failing
82 // to initialize an NSS DB collection that has FIPS mode enabled. Attempt to
83 // ascertain if this is the case, and if so, rename the offending PKCS#11 module
84 @@ -1966,16 +2011,19 @@ InitializeNSSWithFallbacks(const nsACStr
86 // Try read/write mode. If we're in safeMode, we won't load PKCS#11 modules.
88 PRErrorCode savedPRErrorCode1;
89 #endif // ifndef ANDROID
90 SECStatus srv = ::mozilla::psm::InitializeNSS(profilePath, false, !safeMode);
91 if (srv == SECSuccess) {
92 MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("initialized NSS in r/w mode"));
94 + MaybeCleanUpOldNSSFiles(profilePath);
95 +#endif // ifndef ANDROID
99 savedPRErrorCode1 = PR_GetError();
100 PRErrorCode savedPRErrorCode2;
101 #endif // ifndef ANDROID
102 // That failed. Try read-only mode.
103 srv = ::mozilla::psm::InitializeNSS(profilePath, true, !safeMode);
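Review bot: In the first hunk, `MaybeCleanUpOldNSSFiles` discards the result of the delete with `Unused << dbFile->Remove(false);`, so if removal fails (a locked file or a read-only profile, for example) the password-less `key3.db` stays on disk and nothing records it. I would keep the result with `rv = dbFile->Remove(false);` and, when `NS_FAILED(rv)` for any reason other than the file already being absent, emit a `MOZ_LOG(gPIPNSSLog, LogLevel::Debug, (...))` line like the one `InitializeNSSWithFallbacks` already uses, so a leftover unprotected key database is at least visible in the PSM log. The block comment above the function should also say that `Remove` only unlinks the file: the old private keys are no longer reachable through the profile, but their bytes are not overwritten and may still be recoverable from the storage medium. Several lines of the function body are not visible in this listing, so an existing check may already cover part of this.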