Bug 564584 @mozilla.org/security/certoverride;1 overrides crashes the application [@ nsNSSComponent::LogoutAuthenticatedPK11], r=kaie, a=dveditz
authortimeless@mozdev.org
Tue, 21 Dec 2010 18:28:08 +0100
changeset 27267 7feca19ea3b0c9cabfc0cde916224c8240e02b48
parent 27266 3999bed254a9f93d0f64b461434e6d00a387d099
child 27268 612ff691af63640caf2204fb4e9a25ba4fd07088
push id2612
push userkaie@kuix.de
push dateTue, 21 Dec 2010 17:28:19 +0000
reviewerskaie, dveditz
bugs564584
milestone1.9.1.17pre
Bug 564584 @mozilla.org/security/certoverride;1 overrides crashes the application [@ nsNSSComponent::LogoutAuthenticatedPK11], r=kaie, a=dveditz
security/manager/ssl/public/nsICertOverrideService.idl
security/manager/ssl/src/nsCertOverrideService.cpp
security/manager/ssl/src/nsNSSComponent.cpp
--- a/security/manager/ssl/public/nsICertOverrideService.idl
+++ b/security/manager/ssl/public/nsICertOverrideService.idl
@@ -128,18 +128,20 @@ interface nsICertOverrideService : nsISu
                               out ACString aFingerprint,
                               out PRUint32 aOverrideBits,
                               out boolean aIsTemporary);
 
   /**
    *  Remove a override for the given hostname:port.
    *
    *  @param aHostName The host (punycode) whose entry should be cleared.
-   *  @param aPort The port whose entry should be cleared, if it is -1 then it 
-   *          is internaly treated as 443
+   *  @param aPort The port whose entry should be cleared.
+   *               If it is -1, then it is internaly treated as 443.
+   *               If it is 0 and aHostName is "all:temporary-certificates",
+   *               then all temporary certificates should be cleared.
    */
   void clearValidityOverride(in ACString aHostName,
                              in PRInt32 aPort);
 
   /**
    *  Obtain the full list of hostname:port for which overrides are known.
    *
    *  @param aCount The number of host:port entries returned
--- a/security/manager/ssl/src/nsCertOverrideService.cpp
+++ b/security/manager/ssl/src/nsCertOverrideService.cpp
@@ -689,16 +689,21 @@ nsCertOverrideService::AddEntryToList(co
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsCertOverrideService::ClearValidityOverride(const nsACString & aHostName, PRInt32 aPort)
 {
+  if (aPort == 0 &&
+      aHostName.EqualsLiteral("all:temporary-certificates")) {
+    RemoveAllTemporaryOverrides();
+    return NS_OK;
+  }
   nsCAutoString hostPort;
   GetHostWithPort(aHostName, aPort, hostPort);
   {
     nsAutoMonitor lock(monitor);
     mSettingsTable.RemoveEntry(hostPort.get());
     Write();
   }
   SSL_ClearSessionCache();
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -2271,22 +2271,20 @@ void nsNSSComponent::ShowAlert(AlertIden
     }
   }
 }
 
 nsresult nsNSSComponent::LogoutAuthenticatedPK11()
 {
   nsCOMPtr<nsICertOverrideService> icos = 
     do_GetService("@mozilla.org/security/certoverride;1");
-    
-  nsCertOverrideService *cos = 
-    reinterpret_cast<nsCertOverrideService*>(icos.get());
-
-  if (cos) {
-    cos->RemoveAllTemporaryOverrides();
+  if (icos) {
+    icos->ClearValidityOverride(
+            NS_LITERAL_CSTRING("all:temporary-certificates"),
+            0);
   }
 
   if (mClientAuthRememberService) {
     mClientAuthRememberService->ClearRememberedDecisions();
   }
 
   return mShutdownObjectList->doPK11Logout();
 }