Closed Bug 177798 Opened 22 years ago Closed 22 years ago

ShutdownCRLCache doesn't NULL pointers

Categories

(NSS :: Libraries, defect, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: julien.pierre, Assigned: julien.pierre)

Attachments

(2 files)

The CRL cache uses a PRLock* and a hash table of issuers.
They are initialized in InitCRLCache and destroyed in ShutdownCRLCache, which
are called respectively upon NSS initialization and shutdown.
However, ShutdownCRLCache doesn't NULL the pointers after the destruction.
If an application restarts NSS (e.g. browser switching profile), then when
InitCRLCache gets called the 2nd time around, it will not reallocate a lock or a
hash table, since the pointers are still set. This will cause a crash in the
application during cert verification, or upon shutdown when trying to free them.
The fix for this needs to go into both 3.6.1 and 3.7.
Priority: -- → P1
Target Milestone: --- → 3.6.1
Blocks: 171331
Blocks: 1.2
Taking bug.
Assignee: wtc → jpierre
Checked in to NSS_3_6_BRANCH :
Checking in crl.c;
/cvsroot/mozilla/security/nss/lib/certdb/crl.c,v  <--  crl.c
new revision: 1.26.2.2; previous revision: 1.26.2.1
done

And the tip ( NSS 3.7 ) :

Checking in crl.c;
/cvsroot/mozilla/security/nss/lib/certdb/crl.c,v  <--  crl.c
new revision: 1.29; previous revision: 1.28
done
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
While I think these are good changes, the root cause
of the bug is that InitCRLCache returns SECSuccess
without doing anything if crlcache.lock is not null.
I think the "if (!crlcache.lock)" check in InitCRLCache
is not necessary and should be deleted.  Alternatively,
it should be replaced by either an assertion:

    PORT_Assert(!crlcache.lock);

or proper error handling:

    if (crlcache.lock) {
        PORT_SetError(<some error code>);
        return SECFailure;
    }

By the way, this statement in InitCRLCache

     crlcache.lock = PR_FALSE;

should be

     crlcache.lock = NULL;
Reopening per Wan-Teh's comments.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Discussed this with Bob. The new patch is going into the tip, not in NSS_3_6_BRANCH.

Checking in crl.c;
/cvsroot/mozilla/security/nss/lib/certdb/crl.c,v  <--  crl.c
new revision: 1.30; previous revision: 1.29
done
Status: REOPENED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
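
The restart failure reported in this bug and the stricter init check suggested in review, as an added example that is not NSS code. `Res`, the pool and every `cache_*` name are hypothetical stand-ins for the PRLock, the issuer hash table, InitCRLCache and ShutdownCRLCache.

```c
#include <stddef.h>

/* Stand-in for a PRLock or hash table (hypothetical): a pooled object with a
   liveness flag, so a stale pointer can be inspected without undefined behaviour. */
typedef struct { int alive; } Res;
static Res pool[16];
static size_t pool_used;
static struct { Res *lock; Res *issuers; } cache;

static Res *res_new(void) {
    if (pool_used == sizeof pool / sizeof pool[0]) return NULL;
    pool[pool_used].alive = 1;
    return &pool[pool_used++];
}
static void res_destroy(Res *r) { if (r) r->alive = 0; }

/* clear_ptrs == 0 reproduces the reported shutdown; 1 is the fix. */
void cache_shutdown(int clear_ptrs) {
    res_destroy(cache.lock);
    res_destroy(cache.issuers);
    if (clear_ptrs) cache.lock = cache.issuers = NULL;
}
/* Init as the report describes it: a no-op while the lock pointer is set. */
int cache_init_lenient(void) {
    if (cache.lock) return 0;
    cache.lock = res_new();
    cache.issuers = res_new();
    if (cache.lock && cache.issuers) return 0;
    cache_shutdown(1);              /* roll back a partial init */
    return -1;
}
/* Init as the review comment suggests: initializing twice is an error. */
int cache_init_strict(void) {
    return cache.lock ? -1 : cache_init_lenient();
}
/* 1 when both pointers are set and both objects are still live. */
int cache_usable(void) {
    return cache.lock && cache.issuers && cache.lock->alive && cache.issuers->alive;
}
/* Init, shutdown, init again (an NSS restart); 1 if the cache is usable after. */
int restart_ok(int clear_ptrs) {
    cache.lock = cache.issuers = NULL;
    if (cache_init_lenient() != 0) return 0;
    cache_shutdown(clear_ptrs);
    if (cache_init_lenient() != 0) return 0;
    int ok = cache_usable();
    cache_shutdown(1);
    return ok;
}
```

With `clear_ptrs == 0` the second init reports success while the cache still points at destroyed objects, which is the state that leads to the crash described in the report.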