Bug 260882 (Closed)
Opened 20 years ago, closed 20 years ago
cache->searchedObjectType[] should always be cleared in clear_cache()
Categories: NSS :: Libraries, defect, P2
Tracking: Not tracked
Status: RESOLVED FIXED (3.9.3)
People: Reporter: kinmoz, Assigned: nelson
Attachments (1 file): patch, 1.12 KB (nelson: review+)
In clear_cache() there is a for loop that looks something like this:

    for (objectType = cachedCerts; objectType <= cachedCRLs; objectType++) {
        if (!cache->objects[objectType]) {
            continue;
        }
        ...
        cache->objects[objectType] = NULL;
        cache->searchedObjectType[objectType] = PR_FALSE;
    }

It seems that it is possible to get into the situation where cache->objects[objectType] is NULL while cache->searchedObjectType[objectType] is PR_TRUE. In that particular case clear_cache() will never set the cache->searchedObjectType[objectType] flag to PR_FALSE, which could result in get_token_certs_for_cache() never loading the certs for new tokens that are inserted into the slot because it thinks the certs were already cached off of the token.

My proposed fix is to set cache->searchedObjectType[objectType] at the top of the for loop.
I probably should've mentioned the file these functions live in ... doh ... You'll find the cache functions mentioned above in mozilla/security/nss/lib/dev/devutil.c.
Comment 2 • 20 years ago (Assignee)

Comment on attachment 159648: Patch Rev 1 (against the NSS_3_9_BRANCH)

r=nelson

Attachment #159648 - Flags: review+
Comment 3 • 20 years ago (Assignee)

Checked in on NSS 3.9 branch for NSS 3.9.3

Checking in dev/devutil.c; new revision: 1.23.16.1; previous revision: 1.23
Assignee: wchang0222 → nelson
Comment 4 • 20 years ago (Assignee)

Checked in on trunk

Checking in devutil.c; new revision: 1.25; previous revision: 1.24
Status: NEW → RESOLVED
Closed: 20 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.9.3
Version: 3.9.3 → 3.9.2
Comment 5 • 20 years ago

Comment on attachment 159648: Patch Rev 1 (against the NSS_3_9_BRANCH)

r=wtc.

I reviewed create_object_array and found that it may return NULL and set *status to PR_SUCCESS (and *numObjects to 0). So get_token_certs_for_cache may set cache->objects[cachedCerts] to NULL and cache->searchedObjectType[cachedCerts] to PR_TRUE. Therefore clear_cache needs to handle this properly.

(Another way for a cache to get into this state is via nssTokenObjectCache_RemoveObject, which may set cache->objects[oType] to NULL without modifying cache->searchedObjectType[oType].)
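The state described in this bug, as an added example that is not NSS code and not the attached patch: a reduced C model of the cache covering only the two object types named in the report, run through the loop shape from the description and through the proposed fix. `struct model_cache`, `clear_cache_before`, `clear_cache_after` and `stale_after_clear` are hypothetical names chosen for the illustration.

```c
/* Reduced model of the token object cache discussed in this bug.
 * Struct and function names are hypothetical, not NSS definitions. */
#include <stdbool.h>
#include <stdio.h>

/* Only the two object types named in the report are modelled. */
enum { cachedCerts, cachedCRLs, NUM_TYPES };

struct model_cache {
    void *objects[NUM_TYPES];            /* NULL when nothing is cached */
    bool  searchedObjectType[NUM_TYPES]; /* true once the token was searched */
};

/* Loop shape from the report: the flag reset sits behind the NULL check. */
static void clear_cache_before(struct model_cache *c)
{
    for (int t = cachedCerts; t <= cachedCRLs; t++) {
        if (!c->objects[t])
            continue;                    /* flag reset is never reached */
        c->objects[t] = NULL;
        c->searchedObjectType[t] = false;
    }
}

/* Proposed fix: reset the flag at the top of the loop. */
static void clear_cache_after(struct model_cache *c)
{
    for (int t = cachedCerts; t <= cachedCRLs; t++) {
        c->searchedObjectType[t] = false;
        if (!c->objects[t])
            continue;
        c->objects[t] = NULL;
    }
}

/* True if certs are still marked as searched after the cache is cleared. */
static bool stale_after_clear(void (*clear)(struct model_cache *))
{
    /* Constructed state: the search succeeded but returned no objects. */
    struct model_cache c = { .objects = { NULL }, .searchedObjectType = { true } };
    clear(&c);
    return c.searchedObjectType[cachedCerts];
}

int main(void)
{
    printf("stale before fix: %d, after fix: %d\n",
           stale_after_clear(clear_cache_before), stale_after_clear(clear_cache_after));
    return 0;
}
```

A stale flag in this model corresponds to the case where get_token_certs_for_cache() treats a newly inserted token as already searched.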