1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
diff -rupN mod_revocator-1.0.3.patched/Makefile.am mod_revocator-1.0.3.segfault/Makefile.am
--- mod_revocator-1.0.3.patched/Makefile.am 2010-04-13 07:11:09.000000000 -0700
+++ mod_revocator-1.0.3.segfault/Makefile.am 2011-10-11 09:41:23.000000000 -0700
@@ -10,7 +10,7 @@ libmodrev_la_SOURCES = mod_rev.c
libmodrev_la_LDFLAGS = -module -avoid-version
INCLUDES = -I@apache_inc@ @nspr_inc@ @nss_inc@ @apr_inc@ -Imozilla/security/nss/lib/base @ldapsdk_inc@ -Imozilla/security/nss/lib/ckfw
-LIBS = @ldapsdk_lib@ @nspr_lib@ @nss_lib@ @ldapsdk_libs_ssl@ -lssl3 -lsmime3 -lnss3 -lnssb @ldapsdk_libs@ -lplc4 -lplds4 -lnspr4 -lpthread -ldl
+LIBS = @ldapsdk_lib@ @nspr_lib@ @nss_lib@ @ldapsdk_libs_ssl@ -lssl3 -lsmime3 -lnss3 -lnssutil3 -lnssb @ldapsdk_libs@ -lplc4 -lplds4 -lnspr4 -lpthread -ldl
DEFS = -D__REVOCATION_IMPLEMENTATION__=1 @extra_cppflags@
# Remove nsprstub.o from libnssckfw.a so we can use our own stub, then
diff -rupN mod_revocator-1.0.3.patched/crlhelper.cpp mod_revocator-1.0.3.segfault/crlhelper.cpp
--- mod_revocator-1.0.3.patched/crlhelper.cpp 2011-10-11 09:18:33.000000000 -0700
+++ mod_revocator-1.0.3.segfault/crlhelper.cpp 2011-10-11 09:35:53.000000000 -0700
@@ -229,7 +229,7 @@ int main(int argc, char ** argv)
}
if (NULL == data) {
data = fetch_url(url, 30, lastfetchtime, &len, &errnum);
- if (expired)
+ if (expired) {
if (errnum == CL_NOUPDATE_AVAILABLE) {
node->fetchtime = PR_Now();
data = node->data;
@@ -243,6 +243,7 @@ int main(int argc, char ** argv)
urlcache = node->next;
}
freeNode(node);
+ }
}
if (data) {
node = (Node *)malloc(sizeof(Node));
@@ -262,10 +263,11 @@ int main(int argc, char ** argv)
data = node->data;
node->fetchtime = PR_Now();
node->errnum = errnum;
- if (urlcache)
+ if (urlcache) {
node->next = urlcache;
- else
+ } else {
node->next = NULL;
+ }
urlcache = node;
}
}
diff -rupN mod_revocator-1.0.3.patched/mod_rev.c mod_revocator-1.0.3.segfault/mod_rev.c
--- mod_revocator-1.0.3.patched/mod_rev.c 2011-10-11 09:18:33.000000000 -0700
+++ mod_revocator-1.0.3.segfault/mod_rev.c 2011-10-11 11:15:37.000000000 -0700
@@ -501,6 +501,23 @@ InitRevocation(apr_pool_t *p, server_rec
apr_os_file_get(&infd, sc->proc.out);
PR_snprintf(configstring, CONFIGLEN, "library=%s name=revocation parameters=\"%s %ld %d %d\"", revocation_library, sc->crlfile ? sc->crlfile : "", sc->semid, infd, outfd);
+ /* Since NSS now separates some functionality into 'libnssutil3.so',
+ * to prevent a segmentation violation from occurring, it is now
+ * necessary to insure that all executables and libraries are
+ * linked against this library, and that the SECOID_Init() function
+ * is called prior to calling the SECMOD_LoadUserModule() function.
+ */
+ if (SECOID_Init() != SECSuccess) {
+ free(configstring);
+ apr_dso_unload(dlh);
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, base_server,
+ "Unable to initialize SECOID, NSS error %d. %s", PR_GetError(), critical ? "" : "CRL retrieval will be disabled.");
+ if (critical) {
+ kill_apache();
+ }
+ return APR_EGENERAL;
+ }
+
mod = SECMOD_LoadUserModule(configstring, NULL, PR_FALSE);
if (!mod || !mod->loaded)
{
|
