author | Christina Fu <cfu@redhat.com> | 2012-01-19 10:11:02 -0800 |
---|---|---|
committer | Christina Fu <cfu@redhat.com> | 2012-01-19 10:16:28 -0800 |
commit | 72d5d935ac9091cb4dc7bd99875ccee48318ff25 (patch) | |
tree | 191f9620b67fb28c557bc4cc2817315eee0255d3 /pki/base/tps | |
parent | 413d6cb605497b43a48772b3c234b4062f44de54 (diff) | |
Bug 769739 - CC: self test verifySystemCertByNickname: certain failure will not cause server to shutdown as expected
There are two issues: 1. The variable, r, returned by verifySystemCertByTag() gets overwritten by the next return value in a while loop. The problem affects both java subsystems and TPS. 2. In the TPS system, within a while loop that calls verifySystemCertByNickname(), one condition does a "continue" without advancing to the next token, causing an infinite loop under that condition. Adding a PL_strtok_r(NULL, ",", &lasts); call resolves the issue.
Diffstat (limited to 'pki/base/tps')
-rw-r--r-- | pki/base/tps/src/engine/RA.cpp | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
index 7b8e7adcc..862b9e105 100644
--- a/pki/base/tps/src/engine/RA.cpp
+++ b/pki/base/tps/src/engine/RA.cpp
@@ -3399,7 +3399,8 @@ TPS_PUBLIC bool RA::verifySystemCertByNickname(const char *nickname, const char
 * tps.cert.audit_signing.certusage=ObjectSigner
 */
 TPS_PUBLIC bool RA::verifySystemCerts() {
- bool rv = false;
+ bool verifyResult = false;
+ bool rv = false; /* final return value */
 char configname[256];
 char configname_nn[256];
 char configname_cu[256];
@@ -3434,6 +3435,7 @@ TPS_PUBLIC bool RA::verifySystemCerts() {
 "cert nickname not found for cert tag:%s", sresult);
 PR_snprintf(audit_msg, 512, "%s undefined in CS.cfg", configname_nn);
 RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Failure", audit_msg);
+ sresult = PL_strtok_r(NULL, ",", &lasts);
 rv = false;
 continue;
 }
@@ -3451,14 +3453,15 @@ TPS_PUBLIC bool RA::verifySystemCerts() {
 "Verifying cert tag: %s, nickname:%s, certificate usage:%s" , sresult, nn, (cu!=NULL)? cu: "");
- rv = verifySystemCertByNickname(nn, cu);
- if (rv == true) {
+ verifyResult = verifySystemCertByNickname(nn, cu);
+ if (verifyResult == true) {
 RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts", "cert verification passed on cert nickname:%s", nn);
 PR_snprintf(audit_msg, 512, "Certificate verification succeeded:%s", nn);
 RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Success", audit_msg);
 } else {
+ rv = false;
 RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts", "cert verification failed on cert nickname:%s", nn);
 PR_snprintf(audit_msg, 512, "Certificate verification failed:%s", |
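Review bot: `rv` is initialised to `false` in the first hunk, and every assignment to it visible in these hunks (the undefined-nickname branch and the new `else` branch in the third hunk) also stores `false`. Now that `rv = verifySystemCertByNickname(nn, cu);` is gone, nothing shown here can make the "final return value" `true`. Unless code outside the hunks sets it to `true` before the loop, the self test would report failure even when every certificate verifies. A sticky-failure flag normally starts as `bool rv = true; /* cleared on the first failure */`, with any early exit before the loop (for example a missing certificate list) setting `rv = false` explicitly so the check still fails closed. The body of verifySystemCerts begins and ends outside these hunks, so this needs confirming against the whole function.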
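Review bot: The token advance `sresult = PL_strtok_r(NULL, ",", &lasts);` is now duplicated in front of this `continue` in the second hunk, so the loop still depends on every early-exit path remembering to repeat it. Any other `continue` in the loop, none of which is visible in this hunk, would hang startup the same way. Keeping the advance in one place removes that class of bug, for instance by turning the `while` into a `for` whose increment clause is `sresult = PL_strtok_r(NULL, ",", &lasts)`. Failing that, a comment on the added line such as `/* advance before continue, otherwise the same tag is retried forever */` would record why it is there. The loop header and its normal advance are outside the hunk.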