bug 1328456 - disallow empty token names for nsIPK11TokenDB.findTokenByName r?Cykesiopka
MozReview-Commit-ID: 5SBxAUjX579
--- a/security/manager/pki/resources/content/resetpassword.js
+++ b/security/manager/pki/resources/content/resetpassword.js
@@ -1,34 +1,19 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* import-globals-from pippki.js */
"use strict";
-const nsPK11TokenDB = "@mozilla.org/security/pk11tokendb;1";
-const nsIPK11TokenDB = Components.interfaces.nsIPK11TokenDB;
-const nsIDialogParamBlock = Components.interfaces.nsIDialogParamBlock;
-
-var tokenName;
-
-function onLoad()
-{
- if ("arguments" in window) {
- var params = window.arguments[0].QueryInterface(nsIDialogParamBlock);
- tokenName = params.GetString(1);
- } else {
- tokenName = self.name;
- }
-}
-
function resetPassword()
{
- var pk11db = Components.classes[nsPK11TokenDB].getService(nsIPK11TokenDB);
- var token = pk11db.findTokenByName(tokenName);
+ var pk11db = Components.classes["@mozilla.org/security/pk11tokendb;1"]
+ .getService(Components.interfaces.nsIPK11TokenDB);
+ var token = pk11db.getInternalKeyToken();
token.reset();
try {
var loginManager = Components.classes["@mozilla.org/login-manager;1"].
getService(Components.interfaces.nsILoginManager);
loginManager.removeAllLogins();
} catch (e) {
}
@@ -39,9 +24,8 @@ function resetPassword()
if (promptService && bundle) {
promptService.alert(window,
bundle.getString("resetPasswordConfirmationTitle"),
bundle.getString("resetPasswordConfirmationMessage"));
}
return true;
}
-
--- a/security/manager/pki/resources/content/resetpassword.xul
+++ b/security/manager/pki/resources/content/resetpassword.xul
@@ -3,22 +3,22 @@
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE dialog SYSTEM "chrome://pippki/locale/pippki.dtd">
<dialog id="reset_password" title="&resetPassword.title;"
- xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
+ xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
buttons="accept,cancel"
buttonlabelaccept="&resetPasswordButtonLabel;"
defaultButton="cancel"
ondialogaccept="return resetPassword();"
- style="width: 40em;" onload="onLoad();">
+ style="width: 40em;">
<stringbundle id="pippki_bundle" src="chrome://pippki/locale/pippki.properties"/>
<script type="application/javascript" src="chrome://pippki/content/pippki.js"/>
<script type="application/javascript" src="chrome://pippki/content/resetpassword.js"/>
<hbox flex="1">
<vbox>
--- a/security/manager/ssl/nsIPK11TokenDB.idl
+++ b/security/manager/ssl/nsIPK11TokenDB.idl
@@ -26,17 +26,21 @@ interface nsISimpleEnumerator;
interface nsIPK11TokenDB : nsISupports
{
/*
* Get the internal key database token
*/
nsIPK11Token getInternalKeyToken();
/*
- * Find a token by name
+ * Find a token by name. Throws NS_ERROR_FAILURE if no token with the given
+ * name can be found.
+ * @param tokenName a string identifying the name of the token. Must be
+ * non-empty.
+ * @return a token with the given name
*/
nsIPK11Token findTokenByName(in AUTF8String tokenName);
/*
* List all tokens
*/
nsISimpleEnumerator listTokens();
};
--- a/security/manager/ssl/nsPK11TokenDB.cpp
+++ b/security/manager/ssl/nsPK11TokenDB.cpp
@@ -462,16 +462,20 @@ nsPK11TokenDB::FindTokenByName(const nsA
{
NS_ENSURE_ARG_POINTER(_retval);
nsNSSShutDownPreventionLock locker;
if (isAlreadyShutDown()) {
return NS_ERROR_NOT_AVAILABLE;
}
+ if (tokenName.IsEmpty()) {
+ return NS_ERROR_ILLEGAL_VALUE;
+ }
+
UniquePK11SlotInfo slot(
PK11_FindSlotByName(PromiseFlatCString(tokenName).get()));
if (!slot) {
return NS_ERROR_FAILURE;
}
nsCOMPtr<nsIPK11Token> token = new nsPK11Token(slot.get());
token.forget(_retval);
--- a/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
+++ b/security/manager/ssl/tests/unit/test_pkcs11_tokenDB.js
@@ -37,9 +37,12 @@ function run_test() {
let token = tokenListPostLoad.getNext().QueryInterface(Ci.nsIPK11Token);
foundTokenNames.push(token.tokenName);
}
ok(foundTokenNames.includes("Test PKCS11 TokeƱ 2 Label"),
"Test PKCS11 Token 2 should be listed after module load");
notEqual(tokenDB.findTokenByName("Test PKCS11 TokeƱ 2 Label"), null,
"Test token 2 should be findable by name after loading test module");
+
+ throws(() => tokenDB.findTokenByName(""), /NS_ERROR_ILLEGAL_VALUE/,
+ "nsIPK11TokenDB.findTokenByName should throw given an empty name");
}
--- a/toolkit/components/passwordmgr/test/pwmgr_common.js
+++ b/toolkit/components/passwordmgr/test/pwmgr_common.js
@@ -216,17 +216,17 @@ function setMasterPassword(enable) {
} else {
oldPW = masterPassword;
newPW = "";
}
// Set master password. Note that this does not log you in, so the next
// invocation of pwmgr can trigger a MP prompt.
var pk11db = Cc["@mozilla.org/security/pk11tokendb;1"].getService(Ci.nsIPK11TokenDB);
- var token = pk11db.findTokenByName("");
+ var token = pk11db.getInternalKeyToken();
info("MP change from " + oldPW + " to " + newPW);
token.changePassword(oldPW, newPW);
}
function logoutMasterPassword() {
var sdr = Cc["@mozilla.org/security/sdr;1"].getService(Ci.nsISecretDecoderRing);
sdr.logoutAndTeardown();
}