Closed Bug 239827 Opened 21 years ago Closed 21 years ago

NSS has race condition in unwrap key code.

Categories

(NSS :: Libraries, defect)

Version: 3.7.8
Hardware: x86
OS: Windows 2000
Type: defect
Priority: Not set
Severity: normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: rrelyea, Assigned: rrelyea)

Details

(Whiteboard: [3.7.11])

Attachments

(2 files)

Bug reported by thomasknscp@aol.com: This bug is triggered when the application is under stress by multiple threads. I think the stack trace that we captured supports the fact that the problem originates from PK11_UnwrapPrivKey, where we forgot to enter a monitor that protects the C_UnwrapKey function.
The problem is in multiple creations of non-permanent keys. For permanent keys, the appropriate locks or threadsafe session handle is acquired.
bob
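The race described in the two comments above, reduced to a stand-alone model (an added example, not NSS code and not the attached patch): several threads use one shared session, and the run with the monitor held around each call is compared with the run without it. `ModelSlot`, `model_unwrap` and `run_stress` are hypothetical names, and a pthread mutex stands in for the monitor.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: one session shared by all threads, plus its monitor. */
typedef struct {
    pthread_mutex_t monitor;  /* stands in for the monitor guarding the session */
    atomic_int busy;          /* 1 while some call is using the shared session */
    atomic_int collisions;    /* overlapping uses of the session that were seen */
} ModelSlot;

typedef struct { ModelSlot *slot; bool use_monitor; int iterations; } WorkerArgs;

/* Stand-in for a call on the shared session, such as C_UnwrapKey. */
static void model_unwrap(ModelSlot *slot) {
    if (atomic_exchange(&slot->busy, 1) != 0)
        atomic_fetch_add(&slot->collisions, 1);  /* another thread was inside */
    for (volatile int spin = 0; spin < 200; spin++) { }  /* widen the window */
    atomic_store(&slot->busy, 0);
}

static void *worker(void *p) {
    WorkerArgs *a = p;
    for (int i = 0; i < a->iterations; i++) {
        if (a->use_monitor) pthread_mutex_lock(&a->slot->monitor);
        model_unwrap(a->slot);
        if (a->use_monitor) pthread_mutex_unlock(&a->slot->monitor);
    }
    return NULL;
}

/* Stress the shared session from up to 16 threads; returns collisions seen. */
int run_stress(bool use_monitor, int nthreads, int iterations) {
    ModelSlot slot = { .busy = 0, .collisions = 0 };
    WorkerArgs args = { &slot, use_monitor, iterations };
    pthread_t tids[16];
    int started = 0;
    pthread_mutex_init(&slot.monitor, NULL);
    if (nthreads > 16) nthreads = 16;
    while (started < nthreads &&
           pthread_create(&tids[started], NULL, worker, &args) == 0) started++;
    for (int i = 0; i < started; i++) pthread_join(tids[i], NULL);
    pthread_mutex_destroy(&slot.monitor);
    return atomic_load(&slot.collisions);
}

int main(void) {
    printf("without monitor: %d collisions\n", run_stress(false, 8, 20000));
    printf("with monitor:    %d collisions\n", run_stress(true, 8, 20000));
    return 0;
}
```

The count without the monitor varies from run to run and can be zero on a lightly loaded machine, which matches the report that the bug only shows under multi-threaded stress.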
This patch has been verified on NSS 3.7 by thomask.
Comment on attachment 145559: Add the appropriate locks. - Version NSS 3.7

r=wtc.
Attachment #145559 - Flags: superreview?(MisterSSL)
Attachment #145559 - Flags: review+
This fix should go into 3.9.1. Fortunately the code path is not executed by the NISCC tests so the fix does not invalidate the NISCC testing Bishakha has done.
Status: NEW → ASSIGNED
Target Milestone: --- → 3.9.1
Attachment #145560 - Flags: superreview?(MisterSSL)
Attachment #145560 - Flags: review+
Comment on attachment 145559: Add the appropriate locks. - Version NSS 3.7

This patch appears to be correct. However, it seems odd that all such operations will now be single threaded for session objects, but not for token objects. But this operation is thought to be very rare, so maybe this detail doesn't matter. r=MisterSSL
Attachment #145559 - Flags: superreview?(MisterSSL) → superreview+
Comment on attachment 145560: Add locks, patch for nss 3.9

Both of these patches are effectively identical. So my comments apply to both.
Attachment #145560 - Flags: superreview?(MisterSSL) → superreview+
Whiteboard: [3.7.11]
Bob, this bug has several patches, all r+ and sr+. Are these patches checked in now? If not, why not? Can this bug be closed?
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Marked the bug fixed and verified. The fix is in the tip (3.10), NSS_3_9_BRANCH (3.9.1), and NSS_3_7_BRANCH (3.7.11). The fix was verified by the original bug reporter (Thomas Kwan).
Status: RESOLVED → VERIFIED
For future reference:
3.7 patch was pk11skey.c rev 1.57.2.9
3.9 patch was pk11skey.c rev 1.84.2.1
Trunk patch was pk11skey.c rev 1.86
bob