[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 84/156: 222173

Wed Jul 2 13:55:31 UTC 2014

This is an automated email from the git hooks/post-receive script.

tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.

commit c6f1107dac6935dae497c08f3afbdaf503d693f5
Author: rcritten <>
Date:   Wed Jan 10 20:56:00 2007 +0000

    222173
    
    Stop processing tokens when a login fails so we can correctly report
    the failure.
    
    Fix an off-by-one error in nss_pcache that prevented 1 character
    passwords (not a huge problem but a bug none-the-less).
---
 nss_engine_pphrase.c | 13 ++++++++++---
 nss_pcache.c         |  6 ++++--
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index 981ebff..6badfe8 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -85,8 +85,15 @@ SECStatus nss_Init_Tokens(server_rec *s)
 
         ret = PK11_Authenticate(slot, PR_TRUE, parg);
         if (SECSuccess != ret) {
-            status = SECFailure;
-            break;
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+                "Password for slot %s is incorrect.", PK11_GetTokenName(slot));
+            PK11_FreeSlot(slot);
+            /* We return here rather than breaking because:
+               1. All tokens must be logged for the server to work.
+               2. We'll get a bogus error message from nss_engine_init, -8053,
+                  instead of -8177.
+             */
+            return SECFailure; 
         }
         parg->retryCount = 0; /* reset counter to 0 for the next token */
         PK11_FreeSlot(slot);
@@ -153,7 +160,7 @@ static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
         if (rv != APR_SUCCESS ||
            (res != PIN_SUCCESS && res != PIN_INCORRECTPW)) {
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
-                "Unable to read from pin store for slot: %s APR err: %d",  PK11_GetTokenName(slot), rv);
+                "Unable to read from pin store for slot: %s APR err: %d pcache: %d",  PK11_GetTokenName(slot), rv, res);
             nss_die();
         }
     }
diff --git a/nss_pcache.c b/nss_pcache.c
index 65a7a02..8e0f70f 100644
--- a/nss_pcache.c
+++ b/nss_pcache.c
@@ -445,12 +445,13 @@ char * getstr(const char * cmd, int el) {
 
     work = strdup(cmd);
     s = t = work;
+    r = NULL;
 
     peek = s;
     if (peek)
         peek++;
     while (*s) {
-        if (*s == '\t' || *peek == '\0') {
+        if (*s == '\t' || *s == '\0') {
             if (i == el) {
                 if (*peek != '\0')
                     *s = '\0';
@@ -468,8 +469,9 @@ char * getstr(const char * cmd, int el) {
         peek++;
     }
 
+    if (t) r = strdup(t);
     free(work);
-    return NULL;
+    return r;
 }
 
 /*

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git

