[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 84/156: 222173
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:31 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit c6f1107dac6935dae497c08f3afbdaf503d693f5
Author: rcritten <>
Date: Wed Jan 10 20:56:00 2007 +0000
222173
Stop processing tokens when a login fails so we can correctly report
the failure.
Fix an off-by-one error in nss_pcache that prevented 1 character
passwords (not a huge problem but a bug none-the-less).
---
nss_engine_pphrase.c | 13 ++++++++++---
nss_pcache.c | 6 ++++--
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/nss_engine_pphrase.c b/nss_engine_pphrase.c
index 981ebff..6badfe8 100644
--- a/nss_engine_pphrase.c
+++ b/nss_engine_pphrase.c
@@ -85,8 +85,15 @@ SECStatus nss_Init_Tokens(server_rec *s)
ret = PK11_Authenticate(slot, PR_TRUE, parg);
if (SECSuccess != ret) {
- status = SECFailure;
- break;
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ "Password for slot %s is incorrect.", PK11_GetTokenName(slot));
+ PK11_FreeSlot(slot);
+ /* We return here rather than breaking because:
+ 1. All tokens must be logged for the server to work.
+ 2. We'll get a bogus error message from nss_engine_init, -8053,
+ instead of -8177.
+ */
+ return SECFailure;
}
parg->retryCount = 0; /* reset counter to 0 for the next token */
PK11_FreeSlot(slot);
@@ -153,7 +160,7 @@ static char * nss_password_prompt(PK11SlotInfo *slot, PRBool retry, void *arg)
if (rv != APR_SUCCESS ||
(res != PIN_SUCCESS && res != PIN_INCORRECTPW)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
- "Unable to read from pin store for slot: %s APR err: %d", PK11_GetTokenName(slot), rv);
+ "Unable to read from pin store for slot: %s APR err: %d pcache: %d", PK11_GetTokenName(slot), rv, res);
nss_die();
}
}
diff --git a/nss_pcache.c b/nss_pcache.c
index 65a7a02..8e0f70f 100644
--- a/nss_pcache.c
+++ b/nss_pcache.c
@@ -445,12 +445,13 @@ char * getstr(const char * cmd, int el) {
work = strdup(cmd);
s = t = work;
+ r = NULL;
peek = s;
if (peek)
peek++;
while (*s) {
- if (*s == '\t' || *peek == '\0') {
+ if (*s == '\t' || *s == '\0') {
if (i == el) {
if (*peek != '\0')
*s = '\0';
@@ -468,8 +469,9 @@ char * getstr(const char * cmd, int el) {
peek++;
}
+ if (t) r = strdup(t);
free(work);
- return NULL;
+ return r;
}
/*
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git
More information about the Pkg-fedora-ds-maintainers
mailing list