diff -rupN jss-4.2.6.orig/mozilla/security/coreconf/nsinstall/pathsub.c jss-4.2.6/mozilla/security/coreconf/nsinstall/pathsub.c --- a/security/coreconf/nsinstall/pathsub.c 2004-04-25 08:02:18.000000000 -0700 +++ b/security/coreconf/nsinstall/pathsub.c 2011-09-17 18:37:39.875900000 -0700 @@ -275,9 +275,11 @@ diagnosePath(const char * path) rv = readlink(myPath, buf, sizeof buf); if (rv < 0) { perror("readlink"); - buf[0] = 0; - } else { + buf[0] = 0; + } else if ( rv < BUFSIZ ) { buf[rv] = 0; + } else { + buf[BUFSIZ-1] = 0; } fprintf(stderr, "%s is a link to %s\n", myPath, buf); } else if (S_ISDIR(sb.st_mode)) { diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/CryptoManager.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/CryptoManager.c --- a/security/jss/org/mozilla/jss/CryptoManager.c 2011-09-17 17:33:08.823975000 -0700 +++ b/security/jss/org/mozilla/jss/CryptoManager.c 2011-09-17 20:09:35.446977000 -0700 @@ -728,14 +728,14 @@ getPWFromCallback(PK11SlotInfo *slot, PR } finish: - if( (exception=(*env)->ExceptionOccurred(env)) != NULL) { #ifdef DEBUG + if( (exception=(*env)->ExceptionOccurred(env)) != NULL) { jclass giveupClass; jmethodID printStackTrace; jclass excepClass; -#endif + (*env)->ExceptionClear(env); -#ifdef DEBUG + giveupClass = (*env)->FindClass(env, GIVE_UP_EXCEPTION); PR_ASSERT(giveupClass != NULL); if( ! (*env)->IsInstanceOf(env, exception, giveupClass) ) { @@ -746,8 +746,12 @@ finish: PR_ASSERT( PR_FALSE ); } PR_ASSERT(returnchars==NULL); -#endif } +#else + if( ((*env)->ExceptionOccurred(env)) != NULL) { + (*env)->ExceptionClear(env); + } +#endif return returnchars; } diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/PK11Finder.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/PK11Finder.c --- a/security/jss/org/mozilla/jss/PK11Finder.c 2011-09-17 17:33:08.834976000 -0700 +++ b/security/jss/org/mozilla/jss/PK11Finder.c 2011-09-19 16:51:46.438021000 -0700 @@ -768,6 +768,10 @@ static int find_leaf_cert( int *linked = NULL; linked = PR_Malloc( sizeof(int) * numCerts ); + if (linked == NULL) { + status = 0; + goto finish; + } /* initialize the bitmap */ for (i = 0; i < numCerts; i++) { @@ -1735,7 +1739,7 @@ Java_org_mozilla_jss_CryptoManager_verif { SECStatus rv = SECFailure; SECCertUsage certUsage; - SECItem *derCerts[2]; + SECItem *derCerts[2] = { NULL, NULL }; CERTCertificate **certArray = NULL; CERTCertDBHandle *certdb = CERT_GetDefaultCertDB(); @@ -1749,7 +1753,6 @@ Java_org_mozilla_jss_CryptoManager_verif } PR_ASSERT(certdb != NULL); - derCerts[0] = NULL; derCerts[0] = JSS_ByteArrayToSECItem(env, packageArray); derCerts[1] = NULL; diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/crypto/Algorithm.c --- a/security/jss/org/mozilla/jss/crypto/Algorithm.c 2011-09-17 17:33:08.708976000 -0700 +++ b/security/jss/org/mozilla/jss/crypto/Algorithm.c 2011-09-17 19:37:52.834292000 -0700 @@ -235,7 +235,7 @@ static PRStatus getAlgInfo(JNIEnv *env, jobject alg, JSS_AlgInfo *info) { jint index; - PRStatus status; + PRStatus status = PR_FAILURE; PR_ASSERT(env!=NULL && alg!=NULL && info!=NULL); diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c --- a/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c 2011-09-17 17:33:08.970975000 -0700 +++ b/security/jss/org/mozilla/jss/pkcs11/PK11MessageDigest.c 2011-09-17 19:47:21.850722000 -0700 @@ -181,7 +181,7 @@ Java_org_mozilla_jss_pkcs11_PK11MessageD PK11Context *context=NULL; jbyte *bytes=NULL; SECStatus status; - unsigned int outLen; + unsigned int outLen = 0; if( JSS_PK11_getCipherContext(env, proxyObj, &context) != PR_SUCCESS) { /* exception was thrown */ diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c --- a/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c 2011-09-17 17:33:09.013977000 -0700 +++ b/security/jss/org/mozilla/jss/pkcs11/PK11PubKey.c 2011-09-17 18:16:40.231161000 -0700 @@ -273,6 +273,7 @@ Java_org_mozilla_jss_pkcs11_PK11PubKey_g break; case keaKey: keyTypeFieldName = KEA_KEYTYPE_FIELD; + break; default: PR_ASSERT(PR_FALSE); keyTypeFieldName = NULL_KEYTYPE_FIELD; diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Store.c --- a/security/jss/org/mozilla/jss/pkcs11/PK11Store.c 2011-09-17 17:33:09.032977000 -0700 +++ b/security/jss/org/mozilla/jss/pkcs11/PK11Store.c 2011-09-17 19:48:57.776628000 -0700 @@ -390,12 +390,6 @@ importPrivateKey SECStatus status; SECItem nickname; - keyType = JSS_PK11_getKeyType(env, keyTypeObj); - if( keyType == nullKey ) { - /* exception was thrown */ - goto finish; - } - /* * initialize so we can goto finish */ @@ -403,6 +397,12 @@ importPrivateKey derPK.len = 0; + keyType = JSS_PK11_getKeyType(env, keyTypeObj); + if( keyType == nullKey ) { + /* exception was thrown */ + goto finish; + } + PR_ASSERT(env!=NULL && this!=NULL); if(keyArray == NULL) { diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11Token.c --- a/security/jss/org/mozilla/jss/pkcs11/PK11Token.c 2011-09-17 17:33:09.050976000 -0700 +++ b/security/jss/org/mozilla/jss/pkcs11/PK11Token.c 2011-09-17 19:53:46.184339000 -0700 @@ -962,12 +962,12 @@ JNIEXPORT jstring JNICALL Java_org_mozil { PK11SlotInfo *slot; const char* c_subject=NULL; - jboolean isCopy; + jboolean isCopy = JNI_FALSE; unsigned char *b64request=NULL; SECItem p, q, g; PQGParams *dsaParams=NULL; const char* c_keyType; - jboolean k_isCopy; + jboolean k_isCopy = JNI_FALSE; SECOidTag signType = SEC_OID_UNKNOWN; PK11RSAGenParams rsaParams; void *params = NULL; diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/SSLSocket.c --- a/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2011-09-17 17:33:09.073977000 -0700 +++ b/security/jss/org/mozilla/jss/ssl/SSLSocket.c 2011-09-17 19:56:20.428184000 -0700 @@ -516,11 +516,6 @@ Java_org_mozilla_jss_ssl_SSLSocket_socke goto finish; } - if( addrBAelems == NULL ) { - ASSERT_OUTOFMEM(env); - goto finish; - } - if(addrBALen != 4 && addrBALen != 16) { JSSL_throwSSLSocketException(env, "Invalid address in connect!"); goto finish; @@ -720,7 +715,7 @@ Java_org_mozilla_jss_ssl_SSLSocket_getCi { JSSL_SocketData *sock=NULL; SECStatus status; - PRBool enabled; + PRBool enabled = PR_FAILURE; /* get the fd */ if( JSSL_getSockData(env, sockObj, &sock) != PR_SUCCESS) { diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/callbacks.c --- a/security/jss/org/mozilla/jss/ssl/callbacks.c 2004-09-03 11:32:03.000000000 -0700 +++ b/security/jss/org/mozilla/jss/ssl/callbacks.c 2011-09-17 18:15:07.825252000 -0700 @@ -684,17 +684,13 @@ JSSL_ConfirmExpiredPeerCert(void *arg, P * Now check the name field in the cert against the desired hostname. * NB: This is our only defense against Man-In-The-Middle (MITM) attacks! */ - if( peerCert == NULL ) { - rv = SECFailure; + char* hostname = NULL; + hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */ + if (hostname && hostname[0]) { + rv = CERT_VerifyCertName(peerCert, hostname); + PORT_Free(hostname); } else { - char* hostname = NULL; - hostname = SSL_RevealURL(fd); /* really is a hostname, not a URL */ - if (hostname && hostname[0]) { - rv = CERT_VerifyCertName(peerCert, hostname); - PORT_Free(hostname); - } else { - rv = SECFailure; - } + rv = SECFailure; } } diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/ssl/javasock.c --- a/security/jss/org/mozilla/jss/ssl/javasock.c 2011-09-17 17:33:09.094977000 -0700 +++ b/security/jss/org/mozilla/jss/ssl/javasock.c 2011-09-17 19:16:38.546566000 -0700 @@ -95,6 +95,10 @@ writebuf(JNIEnv *env, PRFileDesc *fd, jo jint arrayLen=-1; PRInt32 retval; + if( env == NULL ) { + goto finish; + } + /* * get the OutputStream */ diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/NativeErrcodes.c --- a/security/jss/org/mozilla/jss/util/NativeErrcodes.c 2002-07-03 17:25:46.000000000 -0700 +++ b/security/jss/org/mozilla/jss/util/NativeErrcodes.c 2011-09-18 23:02:28.130883000 -0700 @@ -427,6 +427,7 @@ JSS_ConvertNativeErrcodeToJava(PRErrorCo #endif key.native = nativeErrcode; + key.java = -1; target = bsearch( &key, errcodeTable, numErrcodes, sizeof(Errcode), errcodeCompare ); diff -rupN jss-4.2.6.orig/mozilla/security/jss/org/mozilla/jss/util/jssutil.c jss-4.2.6/mozilla/security/jss/org/mozilla/jss/util/jssutil.c --- a/security/jss/org/mozilla/jss/util/jssutil.c 2011-09-17 17:33:09.103977000 -0700 +++ b/security/jss/org/mozilla/jss/util/jssutil.c 2011-09-19 16:38:19.428634000 -0700 @@ -529,7 +529,7 @@ JSS_wipeCharArray(char* array) */ static char* getPWFromConsole() { - char c; + int c; char *ret; int i; char buf[200]; /* no buffer overflow: we bail after 200 chars */