--- a/security/manager/ssl/CertBlocklist.cpp
+++ b/security/manager/ssl/CertBlocklist.cpp
@@ -9,17 +9,16 @@
#include "mozilla/Assertions.h"
#include "mozilla/Base64.h"
#include "mozilla/Casting.h"
#include "mozilla/IntegerPrintfMacros.h"
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
#include "mozilla/Unused.h"
#include "nsAppDirectoryServiceDefs.h"
-#include "nsCRTGlue.h"
#include "nsDependentString.h"
#include "nsDirectoryServiceUtils.h"
#include "nsICryptoHash.h"
#include "nsIFileStreams.h"
#include "nsILineInputStream.h"
#include "nsISafeOutputStream.h"
#include "nsIX509Cert.h"
#include "nsNetCID.h"
--- a/security/manager/ssl/PSMContentListener.cpp
+++ b/security/manager/ssl/PSMContentListener.cpp
@@ -2,37 +2,34 @@
* vim: set sw=2 sts=2 ts=2 et tw=80:
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "PSMContentListener.h"
-#include "nsIDivertableChannel.h"
-#include "nsIStreamListener.h"
-#include "nsIX509CertDB.h"
-#include "nsIXULAppInfo.h"
-
#include "mozilla/Casting.h"
+#include "mozilla/Logging.h"
#include "mozilla/Services.h"
#include "mozilla/Unused.h"
-
#include "mozilla/dom/ContentChild.h"
+#include "mozilla/net/ChannelDiverterChild.h"
#include "mozilla/net/ChannelDiverterParent.h"
-#include "mozilla/net/ChannelDiverterChild.h"
-
-#include "nsCRT.h"
+#include "nsDependentString.h"
+#include "nsIChannel.h"
+#include "nsIDivertableChannel.h"
+#include "nsIInputStream.h"
+#include "nsIStreamListener.h"
+#include "nsIURI.h"
+#include "nsIX509CertDB.h"
+#include "nsIXULAppInfo.h"
+#include "nsNSSHelper.h"
#include "nsNetUtil.h"
-#include "nsIChannel.h"
-#include "nsIInputStream.h"
-#include "nsIURI.h"
-#include "nsNSSHelper.h"
-
-#include "mozilla/Logging.h"
+#include "nsPromiseFlatString.h"
extern mozilla::LazyLogModule gPIPNSSLog;
namespace mozilla { namespace psm {
namespace {
const int32_t kDefaultCertAllocLength = 2048;
@@ -49,29 +46,33 @@ enum {
application/x-pkcs7-mime
application/pkcs7-signature
application/pre-encrypted
*/
uint32_t
-getPSMContentType(const char* aContentType)
+getPSMContentType(const nsCString& aContentType)
{
// Don't forget to update the registration of content listeners in nsNSSModule.cpp
// for every supported content type.
- if (!nsCRT::strcasecmp(aContentType, "application/x-x509-ca-cert"))
+ if (aContentType.EqualsIgnoreCase("application/x-x509-ca-cert")) {
return X509_CA_CERT;
- if (!nsCRT::strcasecmp(aContentType, "application/x-x509-server-cert"))
+ }
+ if (aContentType.EqualsIgnoreCase("application/x-x509-server-cert")) {
return X509_SERVER_CERT;
- if (!nsCRT::strcasecmp(aContentType, "application/x-x509-user-cert"))
+ }
+ if (aContentType.EqualsIgnoreCase("application/x-x509-user-cert")) {
return X509_USER_CERT;
- if (!nsCRT::strcasecmp(aContentType, "application/x-x509-email-cert"))
+ }
+ if (aContentType.EqualsIgnoreCase("application/x-x509-email-cert")) {
return X509_EMAIL_CERT;
+ }
return UNKNOWN_TYPE;
}
int64_t
ComputeContentLength(nsIRequest* request)
{
nsCOMPtr<nsIChannel> channel(do_QueryInterface(request));
@@ -380,34 +381,43 @@ PSMContentListener::IsPreferred(const ch
bool* aCanHandleContent)
{
return CanHandleContent(aContentType, true,
aDesiredContentType, aCanHandleContent);
}
NS_IMETHODIMP
PSMContentListener::CanHandleContent(const char* aContentType,
- bool aIsContentPreferred,
- char** aDesiredContentType,
- bool* aCanHandleContent)
+ bool /*aIsContentPreferred*/,
+ /*out*/ char** aDesiredContentType,
+ /*out*/ bool* aCanHandleContent)
{
- uint32_t type = getPSMContentType(aContentType);
+ NS_ENSURE_ARG(aDesiredContentType);
+ NS_ENSURE_ARG(aCanHandleContent);
+
+ *aDesiredContentType = nullptr;
+
+ uint32_t type = getPSMContentType(nsDependentCString(aContentType));
*aCanHandleContent = (type != UNKNOWN_TYPE);
return NS_OK;
}
NS_IMETHODIMP
PSMContentListener::DoContent(const nsACString& aContentType,
- bool aIsContentPreferred,
- nsIRequest* aRequest,
- nsIStreamListener** aContentHandler,
- bool* aAbortProcess)
+ bool /*aIsContentPreferred*/,
+ nsIRequest* /*aRequest*/,
+ /*out*/ nsIStreamListener** aContentHandler,
+ /*out*/ bool* aAbortProcess)
{
- uint32_t type;
- type = getPSMContentType(PromiseFlatCString(aContentType).get());
+ NS_ENSURE_ARG(aContentHandler);
+ NS_ENSURE_ARG(aAbortProcess);
+
+ *aAbortProcess = false;
+
+ uint32_t type = getPSMContentType(PromiseFlatCString(aContentType));
if (gPIPNSSLog) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("PSMContentListener::DoContent\n"));
}
if (type != UNKNOWN_TYPE) {
nsCOMPtr<nsIStreamListener> downloader;
if (XRE_IsParentProcess()) {
downloader = new PSMContentStreamListener(type);
} else {
--- a/security/manager/ssl/TransportSecurityInfo.cpp
+++ b/security/manager/ssl/TransportSecurityInfo.cpp
@@ -65,28 +65,20 @@ TransportSecurityInfo::virtualDestroyNSS
NS_IMPL_ISUPPORTS(TransportSecurityInfo,
nsITransportSecurityInfo,
nsIInterfaceRequestor,
nsISSLStatusProvider,
nsIAssociatedContentSecurity,
nsISerializable,
nsIClassInfo)
-nsresult
+void
TransportSecurityInfo::SetHostName(const char* host)
{
- mHostName.Adopt(host ? NS_strdup(host) : 0);
- return NS_OK;
-}
-
-nsresult
-TransportSecurityInfo::GetHostName(char **host)
-{
- *host = (mHostName) ? NS_strdup(mHostName) : nullptr;
- return NS_OK;
+ mHostName.Assign(host);
}
nsresult
TransportSecurityInfo::SetPort(int32_t aPort)
{
mPort = aPort;
return NS_OK;
}
@@ -212,54 +204,53 @@ TransportSecurityInfo::GetErrorLogMessag
}
MutexAutoLock lock(mMutex);
(void) formatErrorMessage(lock, errorCode, errorMessageType,
false, false, result);
}
static nsresult
-formatPlainErrorMessage(nsXPIDLCString const & host, int32_t port,
- PRErrorCode err,
+formatPlainErrorMessage(const nsCString& host, int32_t port,
+ PRErrorCode err,
bool suppressPort443,
- nsString &returnedMessage);
+ /*out*/ nsString& returnedMessage);
static nsresult
-formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
- PRErrorCode errorCodeToReport,
- const nsXPIDLCString & host, int32_t port,
+formatOverridableCertErrorMessage(nsISSLStatus& sslStatus,
+ PRErrorCode errorCodeToReport,
+ const nsCString& host, int32_t port,
bool suppressPort443,
bool wantsHtml,
- nsString & returnedMessage);
+ /*out*/ nsString& returnedMessage);
// XXX: uses nsNSSComponent string bundles off the main thread when called by
// nsNSSSocketInfo::Write().
nsresult
-TransportSecurityInfo::formatErrorMessage(MutexAutoLock const & proofOfLock,
+TransportSecurityInfo::formatErrorMessage(const MutexAutoLock& /*proofOfLock*/,
PRErrorCode errorCode,
SSLErrorMessageType errorMessageType,
- bool wantsHtml, bool suppressPort443,
- nsString &result)
+ bool wantsHtml, bool suppressPort443,
+ /*out*/ nsString& result)
{
result.Truncate();
if (errorCode == 0) {
return NS_OK;
}
if (!XRE_IsParentProcess()) {
return NS_ERROR_UNEXPECTED;
}
nsresult rv;
- NS_ConvertASCIItoUTF16 hostNameU(mHostName);
MOZ_ASSERT(errorMessageType != OverridableCertErrorMessage ||
(mSSLStatus && mSSLStatus->HasServerCert() &&
mSSLStatus->mHaveCertErrorBits),
"formatErrorMessage() called for cert error without cert");
- if (errorMessageType == OverridableCertErrorMessage &&
+ if (errorMessageType == OverridableCertErrorMessage &&
mSSLStatus && mSSLStatus->HasServerCert()) {
rv = formatOverridableCertErrorMessage(*mSSLStatus, errorCode,
mHostName, mPort,
suppressPort443,
wantsHtml,
result);
} else {
rv = formatPlainErrorMessage(mHostName, mPort,
@@ -515,51 +506,48 @@ TransportSecurityInfo::SetSSLStatus(nsSS
}
/* Formats an error message for non-certificate-related SSL errors
* and non-overridable certificate errors (both are of type
* PlainErrormMessage). Use formatOverridableCertErrorMessage
* for overridable cert errors.
*/
static nsresult
-formatPlainErrorMessage(const nsXPIDLCString &host, int32_t port,
- PRErrorCode err,
+formatPlainErrorMessage(const nsCString& host, int32_t port,
+ PRErrorCode err,
bool suppressPort443,
- nsString &returnedMessage)
+ /*out*/ nsString& returnedMessage)
{
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
const char16_t *params[1];
nsresult rv;
nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
if (host.Length())
{
- nsString hostWithPort;
-
// For now, hide port when it's 443 and we're reporting the error.
// In the future a better mechanism should be used
// to make a decision about showing the port number, possibly by requiring
// the context object to implement a specific interface.
// The motivation is that Mozilla browser would like to hide the port number
// in error pages in the common case.
- hostWithPort.AssignASCII(host);
+ NS_ConvertASCIItoUTF16 hostWithPort(host);
if (!suppressPort443 || port != 443) {
hostWithPort.Append(':');
hostWithPort.AppendInt(port);
}
params[0] = hostWithPort.get();
nsString formattedString;
- rv = component->PIPBundleFormatStringFromName("SSLConnectionErrorPrefix",
- params, 1,
- formattedString);
+ rv = component->PIPBundleFormatStringFromName("SSLConnectionErrorPrefix",
+ params, 1, formattedString);
if (NS_SUCCEEDED(rv))
{
returnedMessage.Append(formattedString);
returnedMessage.AppendLiteral("\n\n");
}
}
nsString explanation;
@@ -865,42 +853,39 @@ AppendErrorTextCode(PRErrorCode errorCod
}
}
/* Formats an error message for overridable certificate errors (of type
* OverridableCertErrorMessage). Use formatPlainErrorMessage to format
* non-overridable cert errors and non-cert-related errors.
*/
static nsresult
-formatOverridableCertErrorMessage(nsISSLStatus & sslStatus,
- PRErrorCode errorCodeToReport,
- const nsXPIDLCString & host, int32_t port,
+formatOverridableCertErrorMessage(nsISSLStatus& sslStatus,
+ PRErrorCode errorCodeToReport,
+ const nsCString& host, int32_t port,
bool suppressPort443,
bool wantsHtml,
- nsString & returnedMessage)
+ /*out*/ nsString& returnedMessage)
{
static NS_DEFINE_CID(kNSSComponentCID, NS_NSSCOMPONENT_CID);
const char16_t *params[1];
nsresult rv;
- nsAutoString hostWithPort;
- nsAutoString hostWithoutPort;
+ NS_ConvertASCIItoUTF16 hostWithPort(host);
+ NS_ConvertASCIItoUTF16 hostWithoutPort(host);
// For now, hide port when it's 443 and we're reporting the error.
// In the future a better mechanism should be used
// to make a decision about showing the port number, possibly by requiring
// the context object to implement a specific interface.
// The motivation is that Mozilla browser would like to hide the port number
// in error pages in the common case.
-
- hostWithoutPort.AppendASCII(host);
if (suppressPort443 && port == 443) {
params[0] = hostWithoutPort.get();
} else {
- hostWithPort.AppendASCII(host);
hostWithPort.Append(':');
hostWithPort.AppendInt(port);
params[0] = hostWithPort.get();
}
nsCOMPtr<nsINSSComponent> component = do_GetService(kNSSComponentCID, &rv);
NS_ENSURE_SUCCESS(rv, rv);
@@ -951,31 +936,30 @@ RememberCertErrorsTable::sInstance = nul
RememberCertErrorsTable::RememberCertErrorsTable()
: mErrorHosts()
, mMutex("RememberCertErrorsTable::mMutex")
{
}
static nsresult
-GetHostPortKey(TransportSecurityInfo* infoObject, nsAutoCString &result)
+GetHostPortKey(TransportSecurityInfo* infoObject, /*out*/ nsCString& result)
{
- nsresult rv;
+ MOZ_ASSERT(infoObject);
+ NS_ENSURE_ARG(infoObject);
result.Truncate();
- nsXPIDLCString hostName;
- rv = infoObject->GetHostName(getter_Copies(hostName));
- NS_ENSURE_SUCCESS(rv, rv);
+ int32_t port;
+ nsresult rv = infoObject->GetPort(&port);
+ if (NS_FAILED(rv)) {
+ return rv;
+ }
- int32_t port;
- rv = infoObject->GetPort(&port);
- NS_ENSURE_SUCCESS(rv, rv);
-
- result.Assign(hostName);
+ result.Assign(infoObject->GetHostName());
result.Append(':');
result.AppendInt(port);
return NS_OK;
}
void
RememberCertErrorsTable::RememberCertHasError(TransportSecurityInfo* infoObject,
--- a/security/manager/ssl/TransportSecurityInfo.h
+++ b/security/manager/ssl/TransportSecurityInfo.h
@@ -15,16 +15,17 @@
#include "mozilla/RefPtr.h"
#include "nsDataHashtable.h"
#include "nsIAssociatedContentSecurity.h"
#include "nsIInterfaceRequestor.h"
#include "nsISSLStatusProvider.h"
#include "nsITransportSecurityInfo.h"
#include "nsNSSShutDown.h"
#include "nsSSLStatus.h"
+#include "nsString.h"
#include "pkix/pkixtypes.h"
namespace mozilla { namespace psm {
enum SSLErrorMessageType {
OverridableCertErrorMessage = 1, // for *overridable* certificate errors
PlainErrorMessage = 2 // all other errors (or "no error")
};
@@ -47,23 +48,21 @@ public:
NS_DECL_NSITRANSPORTSECURITYINFO
NS_DECL_NSIINTERFACEREQUESTOR
NS_DECL_NSISSLSTATUSPROVIDER
NS_DECL_NSIASSOCIATEDCONTENTSECURITY
NS_DECL_NSISERIALIZABLE
NS_DECL_NSICLASSINFO
nsresult SetSecurityState(uint32_t aState);
- nsresult SetShortSecurityDescription(const char16_t *aText);
const nsACString & GetHostName() const { return mHostName; }
const char * GetHostNameRaw() const { return mHostName.get(); }
- nsresult GetHostName(char **aHostName);
- nsresult SetHostName(const char *aHostName);
+ void SetHostName(const char* host);
int32_t GetPort() const { return mPort; }
nsresult GetPort(int32_t *aPort);
nsresult SetPort(int32_t aPort);
const OriginAttributes& GetOriginAttributes() const {
return mOriginAttributes;
}
@@ -101,17 +100,17 @@ private:
nsString mErrorMessageCached;
nsresult formatErrorMessage(::mozilla::MutexAutoLock const & proofOfLock,
PRErrorCode errorCode,
::mozilla::psm::SSLErrorMessageType errorMessageType,
bool wantsHtml, bool suppressPort443,
nsString &result);
int32_t mPort;
- nsXPIDLCString mHostName;
+ nsCString mHostName;
OriginAttributes mOriginAttributes;
/* SSL Status */
RefPtr<nsSSLStatus> mSSLStatus;
/* Peer cert chain for failed connections (for error reporting) */
nsCOMPtr<nsIX509CertList> mFailedCertChain;
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -1321,21 +1321,17 @@ void HandshakeCallback(PRFileDesc* fd, v
infoObject->SetSecurityState(state);
// XXX Bug 883674: We shouldn't be formatting messages here in PSM; instead,
// we should set a flag on the channel that higher (UI) level code can check
// to log the warning. In particular, these warnings should go to the web
// console instead of to the error console. Also, the warning is not
// localized.
if (!siteSupportsSafeRenego) {
- nsXPIDLCString hostName;
- infoObject->GetHostName(getter_Copies(hostName));
-
- nsAutoString msg;
- msg.Append(NS_ConvertASCIItoUTF16(hostName));
+ NS_ConvertASCIItoUTF16 msg(infoObject->GetHostName());
msg.AppendLiteral(" : server does not support RFC 5746, see CVE-2009-3555");
nsContentUtils::LogSimpleConsoleError(msg, "SSL");
}
infoObject->NoteTimeUntilReady();
infoObject->SetHandshakeCompleted();
}
--- a/security/manager/ssl/nsNSSCertificate.cpp
+++ b/security/manager/ssl/nsNSSCertificate.cpp
@@ -11,17 +11,16 @@
#include "certdb.h"
#include "mozilla/Assertions.h"
#include "mozilla/Base64.h"
#include "mozilla/Casting.h"
#include "mozilla/NotNull.h"
#include "mozilla/Unused.h"
#include "nsArray.h"
#include "nsCOMPtr.h"
-#include "nsCRT.h"
#include "nsICertificateDialogs.h"
#include "nsIClassInfoImpl.h"
#include "nsIObjectInputStream.h"
#include "nsIObjectOutputStream.h"
#include "nsISupportsPrimitives.h"
#include "nsIURI.h"
#include "nsIX509Cert.h"
#include "nsNSSASN1Object.h"
--- a/security/manager/ssl/nsNSSCertificateDB.cpp
+++ b/security/manager/ssl/nsNSSCertificateDB.cpp
@@ -12,17 +12,16 @@
#include "certdb.h"
#include "mozilla/Assertions.h"
#include "mozilla/Base64.h"
#include "mozilla/Casting.h"
#include "mozilla/Unused.h"
#include "nsArray.h"
#include "nsArrayUtils.h"
#include "nsCOMPtr.h"
-#include "nsCRT.h"
#include "nsComponentManagerUtils.h"
#include "nsICertificateDialogs.h"
#include "nsIFile.h"
#include "nsIMutableArray.h"
#include "nsIObserverService.h"
#include "nsIPrefBranch.h"
#include "nsIPrefService.h"
#include "nsIPrompt.h"
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -32,16 +32,17 @@
#include "nsIFile.h"
#include "nsIObserverService.h"
#include "nsIPrompt.h"
#include "nsIProperties.h"
#include "nsISiteSecurityService.h"
#include "nsITokenPasswordDialogs.h"
#include "nsIWindowWatcher.h"
#include "nsIXULRuntime.h"
+#include "nsLiteralString.h"
#include "nsNSSCertificateDB.h"
#include "nsNSSHelper.h"
#include "nsNSSShutDown.h"
#include "nsPrintfCString.h"
#include "nsServiceManagerUtils.h"
#include "nsThreadUtils.h"
#include "nsXULAppAPI.h"
#include "nss.h"
@@ -566,17 +567,18 @@ PCCERT_CONTEXTToCERTCertificate(PCCERT_C
};
return UniqueCERTCertificate(
CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
nullptr, // nickname unnecessary
false, // not permanent
true)); // copy DER
}
-static const char* kMicrosoftFamilySafetyCN = "Microsoft Family Safety";
+static NS_NAMED_LITERAL_CSTRING(kMicrosoftFamilySafetyCN,
+ "Microsoft Family Safety");
nsresult
nsNSSComponent::MaybeImportFamilySafetyRoot(PCCERT_CONTEXT certificate,
bool& wasFamilySafetyRoot)
{
MOZ_ASSERT(NS_IsMainThread());
if (!NS_IsMainThread()) {
return NS_ERROR_NOT_SAME_THREAD;
@@ -589,17 +591,17 @@ nsNSSComponent::MaybeImportFamilySafetyR
if (!nssCertificate) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate"));
return NS_ERROR_FAILURE;
}
// Looking for a certificate with the common name 'Microsoft Family Safety'
UniquePORTString subjectName(CERT_GetCommonName(&nssCertificate->subject));
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("subject name is '%s'", subjectName.get()));
- if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) {
+ if (kMicrosoftFamilySafetyCN.Equals(subjectName.get())) {
wasFamilySafetyRoot = true;
CERTCertTrust trust = {
CERTDB_TRUSTED_CA | CERTDB_VALID_CA | CERTDB_USER,
0,
0
};
if (CERT_ChangeCertTrust(nullptr, nssCertificate.get(), &trust)
!= SECSuccess) {
@@ -969,17 +971,17 @@ nsNSSComponent::ImportEnterpriseRootsFor
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("couldn't decode certificate"));
continue;
}
// Don't import the Microsoft Family Safety root (this prevents the
// Enterprise Roots feature from interacting poorly with the Family
// Safety support).
UniquePORTString subjectName(
CERT_GetCommonName(&nssCertificate->subject));
- if (nsCRT::strcmp(subjectName.get(), kMicrosoftFamilySafetyCN) == 0) {
+ if (kMicrosoftFamilySafetyCN.Equals(subjectName.get())) {
MOZ_LOG(gPIPNSSLog, LogLevel::Debug, ("skipping Family Safety Root"));
continue;
}
MOZ_ASSERT(mEnterpriseRoots, "mEnterpriseRoots unexpectedly NULL?");
if (!mEnterpriseRoots) {
return;
}
if (CERT_AddCertToListTail(mEnterpriseRoots.get(), nssCertificate.get())
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -18,16 +18,17 @@
#include "mozilla/Casting.h"
#include "mozilla/DebugOnly.h"
#include "mozilla/Logging.h"
#include "mozilla/Move.h"
#include "mozilla/Preferences.h"
#include "mozilla/Telemetry.h"
#include "nsArray.h"
#include "nsArrayUtils.h"
+#include "nsCRT.h"
#include "nsCharSeparatedTokenizer.h"
#include "nsClientAuthRemember.h"
#include "nsContentUtils.h"
#include "nsIClientAuthDialogs.h"
#include "nsIConsoleService.h"
#include "nsIPrefService.h"
#include "nsISocketProvider.h"
#include "nsIWebProgressListener.h"
@@ -2175,18 +2176,17 @@ ClientAuthDataRunnable::RunOnTargetThrea
}
if (!cert) {
goto loser;
}
} else { // Not Auto => ask
// Get the SSL Certificate
- nsXPIDLCString hostname;
- mSocketInfo->GetHostName(getter_Copies(hostname));
+ const nsACString& hostname = mSocketInfo->GetHostName();
RefPtr<nsClientAuthRememberService> cars =
mSocketInfo->SharedState().GetClientAuthRememberService();
bool hasRemembered = false;
nsCString rememberedDBKey;
if (cars) {
bool found;
--- a/security/manager/ssl/nsPKCS12Blob.cpp
+++ b/security/manager/ssl/nsPKCS12Blob.cpp
@@ -11,17 +11,16 @@
#include "nsICertificateDialogs.h"
#include "nsIFile.h"
#include "nsIInputStream.h"
#include "nsNSSCertHelper.h"
#include "nsNSSCertificate.h"
#include "nsNSSHelper.h"
#include "nsNetUtil.h"
#include "nsReadableUtils.h"
-#include "nsString.h"
#include "nsThreadUtils.h"
#include "pkix/pkixtypes.h"
#include "prmem.h"
#include "secerr.h"
using namespace mozilla;
extern LazyLogModule gPIPNSSLog;
@@ -323,24 +322,29 @@ finish:
//
///////////////////////////////////////////////////////////////////////
// unicodeToItem
//
// For the NSS PKCS#12 library, must convert PRUnichars (shorts) to
// a buffer of octets. Must handle byte order correctly.
nsresult
-nsPKCS12Blob::unicodeToItem(const char16_t *uni, SECItem *item)
+nsPKCS12Blob::unicodeToItem(const nsString& uni, SECItem* item)
{
- uint32_t len = NS_strlen(uni) + 1;
+ uint32_t len = uni.Length() + 1; // +1 for the null terminator.
if (!SECITEM_AllocItem(nullptr, item, sizeof(char16_t) * len)) {
return NS_ERROR_OUT_OF_MEMORY;
}
- mozilla::NativeEndian::copyAndSwapToBigEndian(item->data, uni, len);
+ // We have to use a cast here because on Windows, uni.get() returns
+ // char16ptr_t instead of char16_t*.
+ mozilla::NativeEndian::copyAndSwapToBigEndian(
+ item->data,
+ static_cast<const char16_t*>(uni.get()),
+ len);
return NS_OK;
}
// newPKCS12FilePassword
//
// Launch a dialog requesting the user for a new PKCS#12 file passowrd.
// Handle user canceled by returning null password (caller must catch).
@@ -352,17 +356,17 @@ nsPKCS12Blob::newPKCS12FilePassword(SECI
nsCOMPtr<nsICertificateDialogs> certDialogs;
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) return rv;
bool pressedOK;
rv = certDialogs->SetPKCS12FilePassword(mUIContext, password, &pressedOK);
if (NS_FAILED(rv) || !pressedOK) return rv;
- return unicodeToItem(password.get(), unicodePw);
+ return unicodeToItem(password, unicodePw);
}
// getPKCS12FilePassword
//
// Launch a dialog requesting the user for the password to a PKCS#12 file.
// Handle user canceled by returning null password (caller must catch).
nsresult
nsPKCS12Blob::getPKCS12FilePassword(SECItem *unicodePw)
@@ -372,17 +376,17 @@ nsPKCS12Blob::getPKCS12FilePassword(SECI
nsCOMPtr<nsICertificateDialogs> certDialogs;
rv = ::getNSSDialogs(getter_AddRefs(certDialogs),
NS_GET_IID(nsICertificateDialogs),
NS_CERTIFICATEDIALOGS_CONTRACTID);
if (NS_FAILED(rv)) return rv;
bool pressedOK;
rv = certDialogs->GetPKCS12FilePassword(mUIContext, password, &pressedOK);
if (NS_FAILED(rv) || !pressedOK) return rv;
- return unicodeToItem(password.get(), unicodePw);
+ return unicodeToItem(password, unicodePw);
}
// inputToDecoder
//
// Given a decoder, read bytes from file and input them to the decoder.
nsresult
nsPKCS12Blob::inputToDecoder(SEC_PKCS12DecoderContext *dcx, nsIFile *file)
{
--- a/security/manager/ssl/nsPKCS12Blob.h
+++ b/security/manager/ssl/nsPKCS12Blob.h
@@ -1,24 +1,24 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: nsPKCS12Blob.h,v 1.16 2006/04/12 15:43:32 benjamin%smedbergs.us Exp $ */
#ifndef nsPKCS12Blob_h
#define nsPKCS12Blob_h
#include "nsCOMPtr.h"
#include "nsIMutableArray.h"
#include "nsNSSShutDown.h"
+#include "nsString.h"
#include "p12.h"
#include "seccomon.h"
+class nsIFile;
class nsIX509Cert;
-class nsIFile;
//
// nsPKCS12Blob
//
// Class for importing/exporting PKCS#12 blobs
//
class nsPKCS12Blob : public nsNSSShutDownObject
{
@@ -39,17 +39,17 @@ private:
nsCOMPtr<nsIMutableArray> mCertArray;
nsCOMPtr<nsIInterfaceRequestor> mUIContext;
// local helper functions
nsresult getPKCS12FilePassword(SECItem *);
nsresult newPKCS12FilePassword(SECItem *);
nsresult inputToDecoder(SEC_PKCS12DecoderContext *, nsIFile *);
- nsresult unicodeToItem(const char16_t *, SECItem *);
+ nsresult unicodeToItem(const nsString& uni, SECItem* item);
void handleError(int myerr = 0);
// RetryReason and ImportMode are used when importing a PKCS12 file.
// There are two reasons that cause us to retry:
// - When the password entered by the user is incorrect.
// The user will be prompted to try again.
// - When the user entered a zero length password.
// An empty password should be represented as an empty
--- a/security/manager/ssl/nsSiteSecurityService.cpp
+++ b/security/manager/ssl/nsSiteSecurityService.cpp
@@ -12,17 +12,16 @@
#include "mozilla/Base64.h"
#include "mozilla/dom/PContent.h"
#include "mozilla/dom/ToJSValue.h"
#include "mozilla/LinkedList.h"
#include "mozilla/Logging.h"
#include "mozilla/Preferences.h"
#include "nsArrayEnumerator.h"
#include "nsCOMArray.h"
-#include "nsCRTGlue.h"
#include "nsISSLStatus.h"
#include "nsIScriptSecurityManager.h"
#include "nsISocketProvider.h"
#include "nsIURI.h"
#include "nsIX509Cert.h"
#include "nsNSSComponent.h"
#include "nsNetUtil.h"
#include "nsPromiseFlatString.h"