Skip to content
Commits on Source (2)
Show whitespace changes
Inline Side-by-side
debian/changelog
View file @ 74d1a911
jss (4.6.1-2) unstable; urgency=medium
* fix-bufferprfd.diff: Fix tests on big-endian.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 10 Sep 2019 07:13:43 +0300
jss (4.6.1-1) unstable; urgency=medium
* New upstream release.
......
debian/patches/fix-bufferprfd.diff 0 → 100644
View file @ 74d1a911
commit a272589d079eca9d3e056eeee386f30ef8cbc0f4
Author: Alexander Scheel <ascheel@redhat.com>
Date: Thu Aug 15 15:08:28 2019 -0400
Fix BufferPRFD's PRBufferGetSocketOption
PRBufferGetSocketOption takes two parameters: the PRFileDesc that we're
operating on and a PRSocketOptionData where we place the result. I
incorrectly treated this as a struct holding all options for a socket.
In reality, it contains two fields:
- the option requested
- the value of that option (via a union)
We thus need to condition on the option requested and return *only* its
value.
Under the previous implementation, we clobbered all options we set,
except the last one, data->value.send_buffer_size. In TestBufferPRFD.c,
we set the capacity of the buffer as 2048. Since sizeof(PRSize) >=
sizeof(PRBool), we did not perform an out of bounds write. On big endian
systems such as s390x, we stored the value 0x00000000 00000800: this
meant accessing data->value.non_blocking returned PR_FALSE (0x00).
Since the condition in ssl_FdIsBlocking is "!opt.value.non_blocking",
this resulted in NSS assuming our buffer was blocking.
Many thanks to Bob Relyea for finding this.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1730109
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
diff --git a/org/mozilla/jss/ssl/javax/BufferPRFD.c b/org/mozilla/jss/ssl/javax/BufferPRFD.c
index ba7206d4..7929f64d 100644
--- a/org/mozilla/jss/ssl/javax/BufferPRFD.c
+++ b/org/mozilla/jss/ssl/javax/BufferPRFD.c
@@ -189,34 +189,55 @@ static PRInt32 PRBufferRecv(PRFileDesc *fd, void *buf, PRInt32 amount, PRIntn fl
// Fake responses to getSocketOption requests
static PRStatus PRBufferGetSocketOption(PRFileDesc *fd, PRSocketOptionData *data)
{
- /* getSocketOption takes a PRFileDesc and modifies the PRSocketOptionData
- * with the options on this. We set a couple of sane defaults here:
+ /* getSocketOption takes a PRFileDesc and modifies the value field of data
+ * with socket option specified in the option field. We fake responses with
+ * a couple of sane defaults here:
*
* non_blocking = true
* reuse_addr = true
* keep_alive = false
* no_delay = true
*
- * However the list above is far fom extensive. Note that responses are
- * "fake" in that calls to setSocketOption fail to reflect here.
+ * We return valid responses to three other options:
+ *
+ * max_segment = capacity of read_buffer
+ * recv_buffer_size = capacity of read buffer
+ * send_buffer_size = capacity of write buffer
+ *
+ * Note that all responses are "fake" in that calls to SetSocketOption will
+ * not be reflected here.
*/
- if (data) {
- PRFilePrivate *internal = fd->secret;
+ if (!data || !fd) {
+ return PR_FAILURE;
+ }
+ PRFilePrivate *internal = fd->secret;
+ switch (data->option) {
+ case PR_SockOpt_Nonblocking:
data->value.non_blocking = PR_TRUE;
+ return PR_SUCCESS;
+ case PR_SockOpt_Reuseaddr:
data->value.reuse_addr = PR_TRUE;
+ return PR_SUCCESS;
+ case PR_SockOpt_Keepalive:
data->value.keep_alive = PR_FALSE;
- data->value.mcast_loopback = PR_FALSE;
+ return PR_SUCCESS;
+ case PR_SockOpt_NoDelay:
data->value.no_delay = PR_TRUE;
+ return PR_SUCCESS;
+ case PR_SockOpt_MaxSegment:
data->value.max_segment = jb_capacity(internal->read_buffer);
+ return PR_SUCCESS;
+ case PR_SockOpt_RecvBufferSize:
data->value.recv_buffer_size = jb_capacity(internal->read_buffer);
+ return PR_SUCCESS;
+ case PR_SockOpt_SendBufferSize:
data->value.send_buffer_size = jb_capacity(internal->write_buffer);
-
return PR_SUCCESS;
+ default:
+ return PR_FAILURE;
}
-
- return PR_FAILURE;
}
// Fake responses to setSocketOption
debian/patches/series
View file @ 74d1a911
#placeholder
fix-bufferprfd.diff