Update NSS to 3.38

- Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.
2026-05-27 16:48:45 +00:00 · 2018-08-14 07:52:35 +02:00
parent f44e99950f
commit ab10600379
197 changed files with 4880 additions and 7152 deletions
@@ -682,6 +682,7 @@ handle_connection(
                }
                if (arena) {
                    PORT_FreeArena(arena, PR_FALSE);
+                    arena = NULL;
                }
                if (!request || !request->tbsRequest ||
                    !request->tbsRequest->requestList ||
@@ -753,11 +754,11 @@ handle_connection(

                    {
                        PRTime now = PR_Now();
-                        PLArenaPool *arena = NULL;
                        CERTOCSPSingleResponse *sr;
                        CERTOCSPSingleResponse **singleResponses;
                        SECItem *ocspResponse;

+                        PORT_Assert(!arena);
                        arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);

                        if (unknown) {
@@ -787,8 +788,8 @@ handle_connection(
                        } else {
                            PR_Write(ssl_sock, outOcspHeader, strlen(outOcspHeader));
                            PR_Write(ssl_sock, ocspResponse->data, ocspResponse->len);
-                            PORT_FreeArena(arena, PR_FALSE);
                        }
+                        PORT_FreeArena(arena, PR_FALSE);
                    }
                    CERT_DestroyOCSPRequest(request);
                    break;
@@ -1357,7 +1358,6 @@ main(int argc, char **argv)
            caRevoIter = &caRevoInfos->link;
            do {
                PRFileDesc *inFile;
-                int rv = SECFailure;
                SECItem crlDER;
                crlDER.data = NULL;

@@ -1413,11 +1413,9 @@ main(int argc, char **argv)

    if (provideOcsp) {
        if (caRevoInfos) {
-            PRCList *caRevoIter;
-
            caRevoIter = &caRevoInfos->link;
            do {
-                caRevoInfo *revoInfo = (caRevoInfo *)caRevoIter;
+                revoInfo = (caRevoInfo *)caRevoIter;
                if (revoInfo->nickname)
                    PORT_Free(revoInfo->nickname);
                if (revoInfo->crlFilename)