Bug 1279105 - Properly shutdown NSS after NSSInitCryptoContext was called. r?rstrong
--- a/modules/libmar/sign/mar_sign.c
+++ b/modules/libmar/sign/mar_sign.c
@@ -1148,14 +1148,16 @@ failure:
if (privKeys[k]) {
SECKEY_DestroyPrivateKey(privKeys[k]);
}
SECITEM_FreeItem(&secItems[k], PR_FALSE);
}
+ (void)NSS_Shutdown();
+
if (rv) {
remove(dest);
}
return rv;
}
--- a/modules/libmar/tool/mar.c
+++ b/modules/libmar/tool/mar.c
@@ -15,16 +15,17 @@
#include <direct.h>
#define chdir _chdir
#else
#include <unistd.h>
#endif
#if !defined(NO_SIGN_VERIFY) && (!defined(XP_WIN) || defined(MAR_NSS))
#include "cert.h"
+#include "nss.h"
#include "pk11pub.h"
int NSSInitCryptoContext(const char *NSSConfigDir);
#endif
int mar_repackage_and_sign(const char *NSSConfigDir,
const char * const *certNames,
uint32_t certCount,
const char *src,
@@ -395,19 +396,21 @@ int main(int argc, char **argv) {
int hasSignatureBlock;
if (get_mar_file_info(argv[2], &hasSignatureBlock,
NULL, NULL, NULL, NULL)) {
fprintf(stderr, "ERROR: could not determine if MAR is old or new.\n");
} else if (!hasSignatureBlock) {
fprintf(stderr, "ERROR: The MAR file is in the old format so has"
" no signature to verify.\n");
}
- return -1;
}
- return 0;
+#if (!defined(XP_WIN) && !defined(XP_MACOSX)) || defined(MAR_NSS)
+ (void) NSS_Shutdown();
+#endif
+ return rv ? -1 : 0;
case 's':
if (!NSSConfigDir || certCount == 0 || argc < 4) {
print_usage();
return -1;
}
return mar_repackage_and_sign(NSSConfigDir, certNames, certCount,
argv[2], argv[3]);