summaryrefslogtreecommitdiff
path: root/security/nss/lib/softoken/sdb.c
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-08-14 07:52:35 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-08-14 16:42:52 +0200
commit16695590ed53e6047689eb65d2160e2122960868 (patch)
tree5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/lib/softoken/sdb.c
parent61fbbabbd158f2322d68073f60d76a888d20e040 (diff)
downloaduxp-16695590ed53e6047689eb65d2160e2122960868.tar.gz
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/lib/softoken/sdb.c')
-rw-r--r--security/nss/lib/softoken/sdb.c69
1 files changed, 59 insertions, 10 deletions
diff --git a/security/nss/lib/softoken/sdb.c b/security/nss/lib/softoken/sdb.c
index 96717cb268..fb897d68cc 100644
--- a/security/nss/lib/softoken/sdb.c
+++ b/security/nss/lib/softoken/sdb.c
@@ -37,6 +37,10 @@
#elif defined(XP_UNIX)
#include <unistd.h>
#endif
+#if defined(LINUX) && !defined(ANDROID)
+#include <linux/magic.h>
+#include <sys/vfs.h>
+#endif
#include "utilpars.h"
#ifdef SQLITE_UNSAFE_THREADS
@@ -154,7 +158,8 @@ static const CK_ATTRIBUTE_TYPE known_attributes[] = {
CKA_TRUST_EMAIL_PROTECTION, CKA_TRUST_IPSEC_END_SYSTEM,
CKA_TRUST_IPSEC_TUNNEL, CKA_TRUST_IPSEC_USER, CKA_TRUST_TIME_STAMPING,
CKA_TRUST_STEP_UP_APPROVED, CKA_CERT_SHA1_HASH, CKA_CERT_MD5_HASH,
- CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS
+ CKA_NETSCAPE_DB, CKA_NETSCAPE_TRUST, CKA_NSS_OVERRIDE_EXTENSIONS,
+ CKA_PUBLIC_KEY_INFO
};
static int known_attributes_size = sizeof(known_attributes) /
@@ -643,13 +648,18 @@ static int
sdb_openDB(const char *name, sqlite3 **sqlDB, int flags)
{
int sqlerr;
- /*
- * in sqlite3 3.5.0, there is a new open call that allows us
- * to specify read only. Most new OS's are still on 3.3.x (including
- * NSS's internal version and the version shipped with Firefox).
- */
+ int openFlags;
+
*sqlDB = NULL;
- sqlerr = sqlite3_open(name, sqlDB);
+
+ if (flags & SDB_RDONLY) {
+ openFlags = SQLITE_OPEN_READONLY;
+ } else {
+ openFlags = SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE;
+ }
+
+ /* Requires SQLite 3.5.0 or newer. */
+ sqlerr = sqlite3_open_v2(name, sqlDB, openFlags, NULL);
if (sqlerr != SQLITE_OK) {
return sqlerr;
}
@@ -1757,6 +1767,8 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
PRIntervalTime now = 0;
char *env;
PRBool enableCache = PR_FALSE;
+ PRBool checkFSType = PR_FALSE;
+ PRBool measureSpeed = PR_FALSE;
PRBool create;
int flags = inFlags & 0x7;
@@ -1917,11 +1929,48 @@ sdb_init(char *dbname, char *table, sdbDataType type, int *inUpdate,
env = PR_GetEnvSecure("NSS_SDB_USE_CACHE");
- if (!env || PORT_Strcasecmp(env, "no") == 0) {
- enableCache = PR_FALSE;
+ /* Variables enableCache, checkFSType, measureSpeed are PR_FALSE by default,
+ * which is the expected behavior for NSS_SDB_USE_CACHE="no".
+ * We don't need to check for "no" here. */
+ if (!env) {
+ /* By default, with no variable set, we avoid expensive measuring for
+ * most FS types. We start with inexpensive FS type checking, and
+ * might perform measuring for some types. */
+ checkFSType = PR_TRUE;
} else if (PORT_Strcasecmp(env, "yes") == 0) {
enableCache = PR_TRUE;
- } else {
+ } else if (PORT_Strcasecmp(env, "no") != 0) { /* not "no" => "auto" */
+ measureSpeed = PR_TRUE;
+ }
+
+ if (checkFSType) {
+#if defined(LINUX) && !defined(ANDROID)
+ struct statfs statfs_s;
+ if (statfs(dbname, &statfs_s) == 0) {
+ switch (statfs_s.f_type) {
+ case SMB_SUPER_MAGIC:
+ case 0xff534d42: /* CIFS_MAGIC_NUMBER */
+ case NFS_SUPER_MAGIC:
+ /* We assume these are slow. */
+ enableCache = PR_TRUE;
+ break;
+ case CODA_SUPER_MAGIC:
+ case 0x65735546: /* FUSE_SUPER_MAGIC */
+ case NCP_SUPER_MAGIC:
+ /* It's uncertain if this FS is fast or slow.
+ * It seems reasonable to perform slow measuring for users
+ * with questionable FS speed. */
+ measureSpeed = PR_TRUE;
+ break;
+ case AFS_SUPER_MAGIC: /* Already implements caching. */
+ default:
+ break;
+ }
+ }
+#endif
+ }
+
+ if (measureSpeed) {
char *tempDir = NULL;
PRUint32 tempOps = 0;
/*