Diffstat (limited to 'indra/newview/llsechandler_basic.cpp')
-rwxr-xr-x[-rw-r--r--] | indra/newview/llsechandler_basic.cpp | 52 |
1 files changed, 38 insertions, 14 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 30400a4c6a..40516f9bbb 100644..100755 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -207,6 +207,7 @@ LLSD _basic_constraints_ext(X509* cert) } } + BASIC_CONSTRAINTS_free( bs ); } return result; } @@ -268,6 +269,8 @@ LLSD _ext_key_usage_ext(X509* cert) ASN1_OBJECT_free(usage); } } + + EXTENDED_KEY_USAGE_free( eku ); } return result; } @@ -280,6 +283,8 @@ LLSD _subject_key_identifier_ext(X509 *cert) if(skeyid) { result = cert_string_from_octet_string(skeyid); + + ASN1_OCTET_STRING_free( skeyid ); } return result; } @@ -300,6 +305,9 @@ LLSD _authority_key_identifier_ext(X509* cert) { result[CERT_AUTHORITY_KEY_IDENTIFIER_SERIAL] = cert_string_from_asn1_integer(akeyid->serial); } + + + AUTHORITY_KEYID_free( akeyid ); } // we ignore the issuer name in the authority key identifier, we check the issue name via @@ -632,7 +640,7 @@ LLBasicCertificateStore::~LLBasicCertificateStore() // persist the store void LLBasicCertificateStore::save() { - llofstream file_store(mFilename, llofstream::binary); + llofstream file_store(mFilename.c_str(), std::ios_base::binary); if(!file_store.fail()) { for(iterator cert = begin(); @@ -1049,6 +1057,8 @@ void LLBasicCertificateStore::validate(int validation_policy, throw LLInvalidCertificate((*current_cert)); } std::string sha1_hash((const char *)cert_x509->sha1_hash, SHA_DIGEST_LENGTH); + X509_free( cert_x509 ); + cert_x509 = NULL; t_cert_cache::iterator cache_entry = mTrustedCertCache.find(sha1_hash); if(cache_entry != mTrustedCertCache.end()) { 
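Review bot: In `_ext_key_usage_ext`, the added `EXTENDED_KEY_USAGE_free( eku )` frees every `ASN1_OBJECT` still on the stack, while the context line above it already calls `ASN1_OBJECT_free(usage)` per element. That is a double free unless the loop, which is outside the hunk, removes each element from the stack (for example with a pop) before freeing it. Worth confirming and recording with a comment such as `// elements were popped and freed above; this releases the now-empty stack`. The same manual-free pattern is added in `_basic_constraints_ext`, `_subject_key_identifier_ext` and `_authority_key_identifier_ext`; if any LLSD assignment between the lookup and the free can throw, the structure leaks, which a `std::unique_ptr` with the matching `*_free` deleter would avoid.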
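Review bot: In `LLBasicCertificateStore::validate`, the trusted-cert cache key on the line above the new `X509_free( cert_x509 )` is read directly from `cert_x509->sha1_hash`, a field OpenSSL fills in lazily as a side effect of its extension-caching step. Unless a call outside this hunk has already triggered that, the key may not reflect the certificate, and a lookup in `mTrustedCertCache` could then match an entry for a different certificate. Computing the digest explicitly before the free, e.g. `X509_digest(cert_x509, EVP_sha1(), digest, NULL)`, removes the dependence on that side effect and on the struct layout. The `throw LLInvalidCertificate(...)` in the context above also exits before the new free; if `cert_x509` can be non-null on that path it still leaks, so a scoped owner would be safer than the manual call. validate() begins and ends outside the hunk.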
@@ -1210,7 +1220,7 @@ void LLSecAPIBasicHandler::init() // grab the application CA.pem file that contains the well-known certs shipped // with the product std::string ca_file_path = gDirUtilp->getExpandedFilename(LL_PATH_APP_SETTINGS, "CA.pem"); - llinfos << "app path " << ca_file_path << llendl; + LL_INFOS() << "app path " << ca_file_path << LL_ENDL; LLPointer<LLBasicCertificateStore> app_ca_store = new LLBasicCertificateStore(ca_file_path); // push the applicate CA files into the store, therefore adding any new CA certs that @@ -1239,7 +1249,6 @@ void LLSecAPIBasicHandler::_readProtectedData() llifstream::binary); if (!protected_data_stream.fail()) { - int offset; U8 salt[STORE_SALT_SIZE]; U8 buffer[BUFFER_READ_SIZE]; U8 decrypted_buffer[BUFFER_READ_SIZE]; @@ -1250,7 +1259,6 @@ void LLSecAPIBasicHandler::_readProtectedData() // read in the salt and key protected_data_stream.read((char *)salt, STORE_SALT_SIZE); - offset = 0; if (protected_data_stream.gcount() < STORE_SALT_SIZE) { throw LLProtectedDataException("Config file too short."); @@ -1323,7 +1331,7 @@ void LLSecAPIBasicHandler::_writeProtectedData() std::string tmp_filename = mProtectedDataFilename + ".tmp"; llofstream protected_data_stream(tmp_filename.c_str(), - llofstream::binary); + std::ios_base::binary); try { @@ -1356,6 +1364,7 @@ void LLSecAPIBasicHandler::_writeProtectedData() } catch (...) { + LL_WARNS() << "LLProtectedDataException(Error writing Protected Data Store)" << LL_ENDL; // it's good practice to clean up any secure information on error // (even though this file isn't really secure. Perhaps in the future // it may be, however. 
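Review bot: The `LL_WARNS()` line added to the `catch (...)` in `_writeProtectedData()` logs a fixed string shaped like an exception that is never thrown (the `throw` below it stays commented out), and the actual cause is discarded. A preceding `catch (const std::exception& e)` that logs `e.what()` would keep the reason a protected-data write failed visible in the log, assuming the exceptions raised in the try block derive from `std::exception`, which the hunk does not show. The try block itself lies outside the hunk.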
@@ -1364,20 +1373,35 @@ void LLSecAPIBasicHandler::_writeProtectedData() // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() // Decided throwing an exception here was overkill until we figure out why this happens //throw LLProtectedDataException("Error writing Protected Data Store"); - llinfos << "LLProtectedDataException(Error writing Protected Data Store)" << llendl; } - // move the temporary file to the specified file location. - if((((LLFile::isfile(mProtectedDataFilename) != 0) && - (LLFile::remove(mProtectedDataFilename) != 0))) || - (LLFile::rename(tmp_filename, mProtectedDataFilename))) + try + { + // move the temporary file to the specified file location. + if((( (LLFile::isfile(mProtectedDataFilename) != 0) + && (LLFile::remove(mProtectedDataFilename) != 0))) + || (LLFile::rename(tmp_filename, mProtectedDataFilename))) + { + LL_WARNS() << "LLProtectedDataException(Could not overwrite protected data store)" << LL_ENDL; + LLFile::remove(tmp_filename); + + // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() + // Decided throwing an exception here was overkill until we figure out why this happens + //throw LLProtectedDataException("Could not overwrite protected data store"); + } + } + catch (...) { + LL_WARNS() << "LLProtectedDataException(Error renaming '" << tmp_filename + << "' to '" << mProtectedDataFilename << "')" << LL_ENDL; + // it's good practice to clean up any secure information on error + // (even though this file isn't really secure. Perhaps in the future + // it may be, however. 
LLFile::remove(tmp_filename); - // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() + //crash in LLSecAPIBasicHandler::_writeProtectedData() // Decided throwing an exception here was overkill until we figure out why this happens - //throw LLProtectedDataException("Could not overwrite protected data store"); - llinfos << "LLProtectedDataException(Could not overwrite protected data store)" << llendl; + //throw LLProtectedDataException("Error writing Protected Data Store"); } } @@ -1544,7 +1568,7 @@ std::string LLSecAPIBasicHandler::_legacyLoadPassword() { const S32 HASHED_LENGTH = 32; std::vector<U8> buffer(HASHED_LENGTH); - llifstream password_file(mLegacyPasswordPath, llifstream::binary); + llifstream password_file(mLegacyPasswordPath.c_str(), llifstream::binary); if(password_file.fail()) { |
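Review bot: When `LLFile::remove(mProtectedDataFilename)` succeeds and `LLFile::rename(tmp_filename, mProtectedDataFilename)` then fails, the failure branch calls `LLFile::remove(tmp_filename)`, so neither the old nor the new protected data store survives. This block is also reached after a failed write, because the `throw` in the preceding catch stays commented out; unless the lines between the two hunks return, the existing store is removed even though the temporary file is bad or already deleted. Ending the write-failure catch with `return;` and keeping `tmp_filename` when the original is already gone would leave one copy recoverable. The new `catch (...)` also carries a copied comment with an unclosed parenthesis and a commented-out `throw` whose message names the write step rather than the rename. The function begins outside the hunk.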