Resolves bug 66244 - Many NSS command do not detect failure of NSS_Init* functions. Introduced SECU_PrintPRandOSError(progName); to print on failure. Each command is responsible for exiting with appropriate status to distinguish failure points.

16 files changed, 109 insertions, 23 deletions

diff --git a/security/nss/cmd/bltest/blapitest.c b/security/nss/cmd/bltest/blapitest.c
index c946ccad7..05c72df5b 100644
--- a/security/nss/cmd/bltest/blapitest.c
+++ b/security/nss/cmd/bltest/blapitest.c
@@ -1992,7 +1992,11 @@ int main(int argc, char **argv)
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
 
-    NSS_NoDB_Init(NULL);
+    rv = NSS_NoDB_Init(NULL);
+    if (rv != SECSuccess) {
+    	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
 
     rv = SECU_ParseCommandLine(argc, argv, progName, &bltest);
 
diff --git a/security/nss/cmd/certcgi/certcgi.c b/security/nss/cmd/certcgi/certcgi.c
index 0b9a02305..ad14f6dd9 100644
--- a/security/nss/cmd/certcgi/certcgi.c
+++ b/security/nss/cmd/certcgi/certcgi.c
@@ -62,6 +62,7 @@
 #define SERIAL_FILE    "../serial"
 #define DB_DIRECTORY   ".."
 
+static char *progName;
 
 typedef struct PairStr Pair;
 
@@ -2201,8 +2202,8 @@ done:
 }
 
 
-void
-main()
+int
+main(int argc, char **argv)
 {
     int                    length = 500;
     int                    remaining = 500;
@@ -2240,6 +2241,9 @@ main()
     PRBool                 UChain = PR_FALSE;
 
 
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
 
 #ifdef TEST
     sleep(20);
@@ -2251,6 +2255,10 @@ main()
 
     PK11_SetPasswordFunc(return_dbpasswd);
     NSS_InitReadWrite(DBdir);
+    if (status != SECSuccess) {
+	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
     handle = CERT_GetDefaultCertDB();
 
     prefix[0]= '\0';
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index 23d97444c..74a51b080 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -2450,14 +2450,7 @@ main(int argc, char **argv)
     rv = NSS_Initialize(SECU_ConfigDirectory(NULL), certPrefix, certPrefix,
                         "secmod.db", PR_FALSE);
     if (rv != SECSuccess) {
-	char buffer[513];
-	PRErrorCode err    = PR_GetError();
-	PRInt32     errLen = PR_GetErrorTextLength();
-	if (errLen > 0 && errLen < sizeof buffer)
-	    PR_GetErrorText(buffer);
-	SECU_PrintError(progName, "NSS_Initialize failed");
-	if (errLen > 0 && errLen < sizeof buffer)
-	    PR_fprintf(PR_STDERR, "\t%s\n", buffer);
+	SECU_PrintPRandOSError(progName);
 	return -1;
     }
     certHandle = CERT_GetDefaultCertDB();
diff --git a/security/nss/cmd/crlutil/crlutil.c b/security/nss/cmd/crlutil/crlutil.c
index 374c5d00c..b2633c40d 100644
--- a/security/nss/cmd/crlutil/crlutil.c
+++ b/security/nss/cmd/crlutil/crlutil.c
@@ -268,6 +268,7 @@ int main(int argc, char **argv)
     int crlType;
     PLOptState *optstate;
     PLOptStatus status;
+    SECStatus secstatus;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
@@ -346,7 +347,11 @@ int main(int argc, char **argv)
     if (importCRL && !inFile) Usage (progName);
     
     PR_Init( PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
+    secstatus = NSS_InitReadWrite(SECU_ConfigDirectory(NULL));
+    if (secstatus != SECSuccess) {
+	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
 
     certHandle = CERT_GetDefaultCertDB();
     if (certHandle == NULL) {
diff --git a/security/nss/cmd/derdump/derdump.c b/security/nss/cmd/derdump/derdump.c
index ef1cb4988..603d5f772 100644
--- a/security/nss/cmd/derdump/derdump.c
+++ b/security/nss/cmd/derdump/derdump.c
@@ -111,7 +111,11 @@ int main(int argc, char **argv)
     if (!inFile) inFile = PR_STDIN;
     if (!outFile) outFile = stdout;
 
-    NSS_NoDB_Init(NULL);	/* XXX */
+    rv = NSS_NoDB_Init(NULL);	/* XXX */
+    if (rv != SECSuccess) {
+	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
 
 	rv = SECU_ReadDERFromFile(&der, inFile, PR_FALSE);
     if (rv == SECSuccess) {
diff --git a/security/nss/cmd/lib/secutil.c b/security/nss/cmd/lib/secutil.c
index 50865a87c..a36947fb5 100644
--- a/security/nss/cmd/lib/secutil.c
+++ b/security/nss/cmd/lib/secutil.c
@@ -2455,3 +2455,19 @@ SECU_ErrorString(int16 err)
 
     return SECUErrorBuf;
 }
+
+
+void 
+SECU_PrintPRandOSError(char *progName) 
+{
+    char buffer[513];
+    PRErrorCode err    = PR_GetError();
+    PRInt32     errLen = PR_GetErrorTextLength();
+    if (errLen > 0 && errLen < sizeof buffer) {
+        PR_GetErrorText(buffer);
+    }
+    SECU_PrintError(progName, "NSS_Initialize failed");
+    if (errLen > 0 && errLen < sizeof buffer) {
+        PR_fprintf(PR_STDERR, "\t%s\n", buffer);
+    }
+}
diff --git a/security/nss/cmd/lib/secutil.h b/security/nss/cmd/lib/secutil.h
index 3bbb7b19b..81267e592 100644
--- a/security/nss/cmd/lib/secutil.h
+++ b/security/nss/cmd/lib/secutil.h
@@ -297,6 +297,8 @@ extern void SEC_Init(void);
 
 extern char *SECU_SECModDBName(void);
 
+extern void SECU_PrintPRandOSError(char *progName);
+
 /*
  *
  *  Utilities for parsing security tools command lines 
diff --git a/security/nss/cmd/modutil/error.h b/security/nss/cmd/modutil/error.h
index 504e32f24..42583a355 100644
--- a/security/nss/cmd/modutil/error.h
+++ b/security/nss/cmd/modutil/error.h
@@ -80,6 +80,7 @@ typedef enum {
 	STDIN_READ_ERR,
 	UNSPECIFIED_ERR,
 	NOCERTDB_MISUSE_ERR,
+	NSS_INITIALIZE_FAILED_ERR,
 
 	LAST_ERR /* must be last */
 } Error;
@@ -132,6 +133,7 @@ static char *errStrings[] = {
 	"ERROR: Unable to read from standard input.\n",
 	"ERROR: Unknown error occurred.\n",
 	"ERROR: -nocertdb option can only be used with the -jar command.\n"
+	"ERROR: NSS_Initialize() failed.\n"
 };
 
 typedef enum {
diff --git a/security/nss/cmd/modutil/modutil.c b/security/nss/cmd/modutil/modutil.c
index 05db00f16..a6b6d3382 100644
--- a/security/nss/cmd/modutil/modutil.c
+++ b/security/nss/cmd/modutil/modutil.c
@@ -40,6 +40,8 @@
 
 static void install_error(char *message);
 static char* PR_fgets(char *buf, int size, PRFileDesc *file);
+static char *progName;
+
 
 /* This enum must be kept in sync with the commandNames list */
 typedef enum {
@@ -503,6 +505,8 @@ init_crypto(PRBool create, PRBool readOnly)
 	PRBool free_moddbname = PR_FALSE;
 #endif
 	Error retval;
+	SECStatus rv;
+
 
 	if(SECU_ConfigDirectory(dbdir)[0] == '\0') {
 		PR_fprintf(PR_STDERR, errStrings[NO_DBDIR_ERR]);
@@ -613,8 +617,13 @@ init_crypto(PRBool create, PRBool readOnly)
 	}
 
 	/* Open/create key database */
-	NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
+	rv = NSS_Initialize(SECU_ConfigDirectory(NULL), dbprefix, dbprefix,
 	               "secmod.db", readOnly);
+	if (rv != SECSuccess) {
+	    SECU_PrintPRandOSError(progName);
+	    retval=NSS_INITIALIZE_FAILED_ERR;
+	    goto loser;
+	}
 
 	retval=SUCCESS;
 loser:
@@ -705,6 +714,10 @@ main(int argc, char *argv[])
 #define STDINBUF_SIZE 80
 	char stdinbuf[STDINBUF_SIZE];
 
+    progName = strrchr(argv[0], '/');
+    progName = progName ? progName+1 : argv[0];
+
+
 	PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0);
 
 	if(parse_args(argc, argv) != SUCCESS) {
diff --git a/security/nss/cmd/p7content/p7content.c b/security/nss/cmd/p7content/p7content.c
index b333a9587..e7dfbeba3 100644
--- a/security/nss/cmd/p7content/p7content.c
+++ b/security/nss/cmd/p7content/p7content.c
@@ -203,6 +203,7 @@ main(int argc, char **argv)
     PRFileDesc *inFile;
     PLOptState *optstate;
     PLOptStatus status;
+	SECStatus rv;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
@@ -251,7 +252,11 @@ main(int argc, char **argv)
 
     /* Call the initialization routines */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    NSS_Init(SECU_ConfigDirectory(NULL));
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
 
     if (DecodeAndPrintFile(outFile, inFile, progName)) {
 	SECU_PrintError(progName, "problem decoding data");
diff --git a/security/nss/cmd/p7env/p7env.c b/security/nss/cmd/p7env/p7env.c
index 65bbf09be..49a28392f 100644
--- a/security/nss/cmd/p7env/p7env.c
+++ b/security/nss/cmd/p7env/p7env.c
@@ -169,6 +169,7 @@ main(int argc, char **argv)
     struct recipient *recipients, *rcpt;
     PLOptState *optstate;
     PLOptStatus status;
+	SECStatus rv;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
@@ -240,7 +241,11 @@ main(int argc, char **argv)
 
     /* Call the libsec initialization routines */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    NSS_Init(SECU_ConfigDirectory(NULL));
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+    	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
 
     /* open cert database */
     certHandle = CERT_GetDefaultCertDB();
diff --git a/security/nss/cmd/p7sign/p7sign.c b/security/nss/cmd/p7sign/p7sign.c
index 7735de54d..33b3e3e9c 100644
--- a/security/nss/cmd/p7sign/p7sign.c
+++ b/security/nss/cmd/p7sign/p7sign.c
@@ -178,6 +178,7 @@ main(int argc, char **argv)
     PRBool encapsulated = PR_FALSE;
     PLOptState *optstate;
     PLOptStatus status;
+	SECStatus rv;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
@@ -236,7 +237,12 @@ main(int argc, char **argv)
 
     /* Call the initialization routines */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    NSS_Init(SECU_ConfigDirectory(NULL));
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
+
     /* open cert database */
     certHandle = CERT_GetDefaultCertDB();
     if (certHandle == NULL) {
diff --git a/security/nss/cmd/p7verify/p7verify.c b/security/nss/cmd/p7verify/p7verify.c
index c63f1dd10..71043f7e7 100644
--- a/security/nss/cmd/p7verify/p7verify.c
+++ b/security/nss/cmd/p7verify/p7verify.c
@@ -216,6 +216,7 @@ main(int argc, char **argv)
     SECCertUsage certUsage = certUsageEmailSigner;
     PLOptState *optstate;
     PLOptStatus status;
+	SECStatus rv;
 
     progName = strrchr(argv[0], '/');
     progName = progName ? progName+1 : argv[0];
@@ -284,7 +285,11 @@ main(int argc, char **argv)
 
     /* Call the libsec initialization routines */
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    NSS_Init(SECU_ConfigDirectory(NULL));
+    rv = NSS_Init(SECU_ConfigDirectory(NULL));
+    if (rv != SECSuccess) {
+    	SECU_PrintPRandOSError(progName);
+	return -1;
+    }
 
     if (HashDecodeAndVerify(outFile, contentFile, signatureFile,
 			    certUsage, progName)) {
diff --git a/security/nss/cmd/pk12util/pk12util.c b/security/nss/cmd/pk12util/pk12util.c
index 5f5770cec..a08cdbf8b 100644
--- a/security/nss/cmd/pk12util/pk12util.c
+++ b/security/nss/cmd/pk12util/pk12util.c
@@ -42,7 +42,7 @@
 
 #define PKCS12_IN_BUFFER_SIZE	200
 
-char *progName;
+static char *progName;
 
 PRIntn pk12uErrno = 0;
 
@@ -784,10 +784,18 @@ loser:
 static PRUintn
 P12U_Init(char *dir)
 {
+    SECStatus rv;
     PK11_SetPasswordFunc(SECU_GetModulePassword);
 
     PR_Init(PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
-    NSS_InitReadWrite(dir);
+    rv = NSS_InitReadWrite(dir);
+    if (rv != SECSuccess) {
+    	SECU_PrintPRandOSError(progName);
+        exit(-1);
+    }
+
+    /* enable all ciphers */
+    p12u_EnableAllCiphers();
 
     /* setup unicode callback functions */
     PORT_SetUCS2_ASCIIConversionFunction(p12u_ucs2_ascii_conversion_function);
diff --git a/security/nss/cmd/signtool/util.c b/security/nss/cmd/signtool/util.c
index a4cb21fa7..51e0c7efb 100644
--- a/security/nss/cmd/signtool/util.c
+++ b/security/nss/cmd/signtool/util.c
@@ -766,10 +766,15 @@ InitCrypto(char *cert_dir, PRBool readOnly)
 		/* some functions such as OpenKeyDB expect this path to be
 		 * implicitly set prior to calling */
 		if (readOnly) {
-		   NSS_Init(cert_dir);
+		    rv = NSS_Init(cert_dir);
 		} else {
-		    NSS_InitReadWrite(cert_dir);
+		    rv = NSS_InitReadWrite(cert_dir);
 		}
+    		if (rv != SECSuccess) {
+		    SECU_PrintPRandOSError(PROGRAM_NAME);
+		    exit(-1);
+    		}
+
 		SECU_ConfigDirectory (cert_dir);
 
 		/* Been there done that */
diff --git a/security/nss/cmd/signver/signver.c b/security/nss/cmd/signver/signver.c
index 801256bb1..23dfe3383 100644
--- a/security/nss/cmd/signver/signver.c
+++ b/security/nss/cmd/signver/signver.c
@@ -187,6 +187,7 @@ int main(int argc, char **argv)
 	PRBool displayAllSigners = PR_FALSE;
 	PRFileInfo info;
 	PRInt32 nb;
+	SECStatus secstatus;
 
 	secuCommand signver;
 	signver.numCommands = sizeof(signver_commands) /sizeof(secuCommandFlag);
@@ -302,7 +303,11 @@ int main(int argc, char **argv)
 	} 
 
 	PR_SetError(0, 0); /* PR_Init("pp", 1, 1, 0);*/
-	NSS_Init(SECU_ConfigDirectory(NULL));
+	secstatus = NSS_Init(SECU_ConfigDirectory(NULL));
+    	if (secstatus != SECSuccess) {
+	    SECU_PrintPRandOSError(progName);
+	    return -1;
+	}
 
 	rv = SECU_ReadDERFromFile(&der, signFile, 
 	                          signver.options[opt_ASCII].activated);