bug 1123374 - fix CertBlocklist initialization when revocations.txt does not exist r=mgoodwin

2024-09-13 09:24:08 -07:00 · 2015-01-20 10:18:29 -08:00 · 2015-01-20 10:18:29 -08:00 · 0b57449e27
commit 0b57449e27
parent a83810f8ea
1 changed files with 29 additions and 25 deletions
--- a/security/manager/boot/src/CertBlocklist.cpp
+++ b/security/manager/boot/src/CertBlocklist.cpp
@ -98,6 +98,7 @@ CertBlocklist::CertBlocklist()
  : mMutex("CertBlocklist::mMutex")
  , mModified(false)
  , mBackingFileIsInitialized(false)
+  , mBackingFile(nullptr)
 {
  if (!gCertBlockPRLog) {
    gCertBlockPRLog = PR_NewLogModule("CertBlock");
@ -121,14 +122,29 @@ CertBlocklist::Init()
  }

  // Get the profile directory
-  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
-         ("CertBlocklist::Init - not initialized; initializing"));
  nsresult rv = NS_GetSpecialDirectory(NS_APP_USER_PROFILE_50_DIR,
                                       getter_AddRefs(mBackingFile));
  if (NS_FAILED(rv) || !mBackingFile) {
    PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
           ("CertBlocklist::Init - couldn't get profile dir"));
+    // Since we're returning NS_OK here, set mBackingFile to a safe value.
+    // (We need initialization to succeed and CertBlocklist to be in a
+    // well-defined state if the profile directory doesn't exist.)
+    mBackingFile = nullptr;
+    return NS_OK;
  }
+  rv = mBackingFile->Append(NS_LITERAL_STRING("revocations.txt"));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  nsAutoCString path;
+  rv = mBackingFile->GetNativePath(path);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
+         ("CertBlocklist::Init certList path: %s", path.get()));
+
  return NS_OK;
 }

@ -144,33 +160,18 @@ CertBlocklist::EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock)
  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
         ("CertBlocklist::EnsureBackingFileInitialized - not initialized"));

-  // Load the revocations file into the cert blocklist
-  nsresult rv = mBackingFile->Append(NS_LITERAL_STRING("revocations.txt"));
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  nsAutoCString path;
-  rv = mBackingFile->GetNativePath(path);
-  if (NS_FAILED(rv)) {
-    return rv;
-  }
-
-  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
-        ("CertBlocklist::Init certList path: %s", path.get()));
-
  bool exists = false;
-  rv = mBackingFile->Exists(&exists);
+  nsresult rv = mBackingFile->Exists(&exists);
  if (NS_FAILED(rv)) {
    return rv;
  }
-
  if (!exists) {
    PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
-           ("CertBlocklist::Init no revocations file"));
+           ("CertBlocklist::EnsureBackingFileInitialized no revocations file"));
    return NS_OK;
  }

+  // Load the revocations file into the cert blocklist
  nsCOMPtr<nsIFileInputStream> fileStream(
      do_CreateInstance(NS_LOCALFILEINPUTSTREAM_CONTRACTID, &rv));
  if (NS_FAILED(rv)) {
@ -212,7 +213,7 @@ CertBlocklist::EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock)
      continue;
    }
    PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
-           ("CertBlocklist::Init adding: %s %s",
+           ("CertBlocklist::EnsureBackingFileInitialized adding: %s %s",
           issuer.get(), serial.get()));
    rv = AddRevokedCertInternal(issuer.get(),
                                serial.get(),
@ -222,7 +223,8 @@ CertBlocklist::EnsureBackingFileInitialized(mozilla::MutexAutoLock& lock)
      // we warn here, rather than abandoning, since we need to
      // ensure that as many items as possible are read
      PR_LOG(gCertBlockPRLog, PR_LOG_WARN,
-             ("CertBlocklist::Init adding revoked cert failed"));
+             ("CertBlocklist::EnsureBackingFileInitialized adding revoked cert "
+              "failed"));
    }
  } while (more);
  mBackingFileIsInitialized = true;
@ -235,7 +237,7 @@ CertBlocklist::AddRevokedCert(const char* aIssuer,
                              const char* aSerialNumber)
 {
  PR_LOG(gCertBlockPRLog, PR_LOG_DEBUG,
-         ("CertBlocklist::addRevokedCert - issuer is: %s and serial: %s",
+         ("CertBlocklist::AddRevokedCert - issuer is: %s and serial: %s",
          aIssuer, aSerialNumber));
  mozilla::MutexAutoLock lock(mMutex);
  return AddRevokedCertInternal(aIssuer,
@ -475,8 +477,10 @@ CertBlocklist::SaveEntries()
 //                       in unsigned long issuerLength,
 //                       [const, array, size_is(serialLength)] in octet serial,
 //                       in unsigned long serialLength);
-NS_IMETHODIMP CertBlocklist::IsCertRevoked(const uint8_t* aIssuer, uint32_t aIssuerLength,
-                                           const uint8_t* aSerial, uint32_t aSerialLength,
+NS_IMETHODIMP CertBlocklist::IsCertRevoked(const uint8_t* aIssuer,
+                                           uint32_t aIssuerLength,
+                                           const uint8_t* aSerial,
+                                           uint32_t aSerialLength,
                                           bool* _retval)
 {
  mozilla::MutexAutoLock lock(mMutex);