Bug 1382278, certutil -A creates uninitialised database, r=kaie
authorBob Relyea <rrelyea@redhat.com>
Mon, 18 Sep 2017 20:02:58 +0200
changeset 13595 18edd4ad8389d50d4231cc1a545a468dbb11185c
parent 13594 70109a01ce53328b511aaa6c839593a3282cb725
child 13598 90466c1d10ccab654543ba26958e12c15d987db5
push id2380
push userkaie@kuix.de
push dateMon, 18 Sep 2017 18:02:45 +0000
reviewerskaie
bugs1382278
Bug 1382278, certutil -A creates uninitialised database, r=kaie
cmd/certutil/certutil.c
--- a/cmd/certutil/certutil.c
+++ b/cmd/certutil/certutil.c
@@ -3005,16 +3005,43 @@ certutil_main(int argc, char **argv, PRB
                                 certutil.options[opt_NewPasswordFile].arg);
         }
         if (rv != SECSuccess) {
             SECU_PrintError(progName, "Could not set password for the slot");
             goto shutdown;
         }
     }
 
+    /* if we are going to modify the cert database,
+     * make sure it's initialized */
+    if (certutil.commands[cmd_ModifyCertTrust].activated ||
+        certutil.commands[cmd_CreateAndAddCert].activated ||
+        certutil.commands[cmd_AddCert].activated ||
+        certutil.commands[cmd_AddEmailCert].activated) {
+        if (PK11_NeedUserInit(slot)) {
+            char *password = NULL;
+            /* fetch the password from the command line or the file
+             * if no password is supplied, initialize the password to NULL */
+            if (pwdata.source == PW_FROMFILE) {
+                password = SECU_FilePasswd(slot, PR_FALSE, pwdata.data);
+            } else if (pwdata.source == PW_PLAINTEXT) {
+                password = PL_strdup(pwdata.data);
+            }
+            rv = PK11_InitPin(slot, (char *)NULL, password ? password : "");
+            if (password) {
+                PORT_Memset(password, 0, PL_strlen(password));
+                PORT_Free(password);
+            }
+            if (rv != SECSuccess) {
+                SECU_PrintError(progName, "Could not set password for the slot");
+                goto shutdown;
+            }
+        }
+    }
+
     /* walk through the upgrade merge if necessary.
      * This option is more to test what some applications will want to do
      * to do an automatic upgrade. The --merge command is more useful for
      * the general case where 2 database need to be merged together.
      */
     if (certutil.commands[cmd_UpgradeMerge].activated) {
         if (*upgradeTokenName == 0) {
             upgradeTokenName = upgradeID;