Closed
Bug 103011
Opened 23 years ago
Closed 23 years ago
nsNSSComponent::GetPK11String leaks
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.2
People
(Reporter: dbaron, Assigned: KaiE)
Details
(Keywords: memory-leak)
Attachments
(2 files, 1 obsolete file)
|
9.47 KB,
patch
|
Details | Diff | Splinter Review | |
|
11.88 KB,
patch
|
dbaron
:
review+
brendan
:
superreview+
|
Details | Diff | Splinter Review |
I'm seeing leaks of the PR_Malloc in nsNSSComponent::GetPK11String. I'm not
sure if it's the caller's fault or that function, but that function could use
some cleanup. The leak stack is:
PR_Malloc[/builds/trunk/obj/debug/dist/bin/libnspr4.so +0x1742D]
nsNSSComponent::GetPK11String(unsigned short const*,
unsigned)[/builds/trunk/obj/debug/dist/bin/components/libpipnss.so +0x5DEC0]
nsNSSComponent::ConfigureInternalPKCS11Token()[/builds/trunk/obj/debug/dist/bin/components/libpipnss.so
+0x5E1C9]
nsNSSComponent::Init()[/builds/trunk/obj/debug/dist/bin/components/libpipnss.so
+0x5ED1D]
nsSSLIOLayerAddToSocket(char const*, int, char const*, int, PRFileDesc*,
nsISupports**, int)[/builds/trunk/obj/debug/dist/bin/components/libpipnss.so
+0x67B83]
nsGenericFactory::CreateInstance(nsISupports*, nsID const&,
void**)[/builds/trunk/obj/debug/dist/bin/libxpcom.so +0xEA529]
...
|
Reporter | |
Comment 1•23 years ago
|
||
Well, I wish NSS used |const char*| when appropriate. I did find one bug in NSS
that this code was working around and becoming very complicated, so I was able
to simplify things quite a bit.
|
|
Reporter | |
Comment 2•23 years ago
|
||
|
|
Reporter | |
Comment 3•23 years ago
|
||
|
||
Comment 4•23 years ago
|
||
cc PSM team.
David, can you review.
Thanks to David Baron
|
|
Reporter | |
Comment 5•23 years ago
|
||
|
|
Reporter | |
Updated•23 years ago
|
Attachment #51980 -
Attachment is obsolete: true
|
||
Comment 6•23 years ago
|
||
r=ddrinan.
|
||
Comment 7•23 years ago
|
||
there are a bunch of changes to NSS in here. Have those changes been run
by/approved by the NSS team?
|
|
||
Comment 8•23 years ago
|
||
Adding relyea to the cc-list. Bob, please review the NSS changes in this patch.
Thanks.
|
|
Reporter | |
Comment 9•23 years ago
|
||
Note that attachment 51974 [details] [diff] [review] makes only the minimal changes to NSS (correcting an
obvious mistake to avoid lots of complexity in the PSM code), whereas attachment
52597 [details] [diff] [review] fixes a tiny part of bug 103736 to avoid NS_CONST_CAST all over the PSM
changes.
|
||
Comment 10•23 years ago
|
||
The NSS changes (mozilla/security/nss/lib/*) attachment (id=52597)looks fine.
r=relyea
|
|
Reporter | |
Updated•23 years ago
|
Attachment #52597 -
Flags: review+
|
||
Comment 11•23 years ago
|
||
Comment on attachment 52597 [details] [diff] [review]
previous patch with NS_CONST_CASTs removed
/* The next two strings must be exactly 64 characters long, with the
first 32 characters meaningful */
-static char *slotDescription =
+static const char *slotDescription =
"Netscape Internal FIPS-140-1 Cryptographic Services ";
-static char *privSlotDescription =
+static const char *privSlotDescription =
"Netscape FIPS-140-1 User Private Key Services ";
These should be const char arrays ([] after the declarator name),
not pointers to const chars (* before the declarator).
Fix that and sr=brendan@mozilla.org.
/be
Attachment #52597 -
Flags: superreview+
|
||
Comment 12•23 years ago
|
||
Brendan,
slotDescription and privSlotDescription must be
pointers to const chars so that they can point
to other strings.
|
|
Reporter | |
Comment 13•23 years ago
|
||
So could someone check the NSS part of the patch in?
|
Assignee | |
Comment 14•23 years ago
|
||
Regarding comment #11, just an idea.
Instead of:
static const char *slotDescription =
"Netscape Internal FIPS-140-1 Cryptographic Services ";
Could we use the following?
static const char slotDescriptionDefault[] = {
"Netscape Internal FIPS-140-1 Cryptographic Services " };
static const char *slotDescription = slotDescriptionDefault;
|
|
||
Comment 15•23 years ago
|
||
No, because the string can be changes.
It's actually Moot for most of the strings. In 3.4 they only static strings left
are the ManufactureID and the Library description.
The token and slot descriptions are now stored in the PK11Slot structure.
|
|
Reporter | |
Comment 16•23 years ago
|
||
Giving this to default PSM owner because I'm not going to be able to check in
the NSS changes.
Assignee: dbaron → ssaux
|
|
||
Comment 18•23 years ago
|
||
I checked in the NSS part of the patch on the
NSS_3_3_BRANCH. However, I can't move the
NSS_CLIENT_TAG until I have verified the other
changes that have been checked in on the
NSS_3_3_BRANCH.
Bob, could you merge the NSS part of the patch
into the tip of NSS? The nss/lib/softoken
directory has changed so much that the patch
fails to apply to the tip of NSS.
Assignee: kaie → wtc
|
|
||
Comment 19•23 years ago
|
||
Yes, I've made them in my tree now and I'll check them in as soon as I have them
tested.
I think now would also be a good time to stop checking in NSS fixes to the 3.3
branch. NSS 3.4 has been integrated with PSM, so at this point I think the PSM
team should start using 3.4. Once we are happy with this we can create a tag
from the 3.4 branch and land that.
bob
|
|
||
Comment 20•23 years ago
|
||
Assigned the bug back to Kai.
Kai, please work with Bob Relyea and me to get the
NSS changes in NSS_CLIENT_TAG. Depending on the PSM
2.2 schedule, we can either do this in the NSS 3.3
branch or in NSS 3.4. It seems that Bob prefers to
do this in NSS 3.4.
Assignee: wtc → kaie
|
|
Assignee | |
Comment 21•23 years ago
|
||
Wan-Teh, I see that you meanwhile have moved the NSS_CLIENT_TAG, so the current
Mozilla trunk has the NSS changes from the patch.
That means we can now check in the PSM portion of the patch, I will do it.
|
|
||
Comment 22•23 years ago
|
||
Kai,
Yes, the fix is in NSS_CLIENT_TAG. I forgot to notify you.
Sorry about that.
|
|
Assignee | |
Comment 23•23 years ago
|
||
checked in => fixed
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 25•23 years ago
|
||
Triggered by researching a different bug, I by chance looked at this patch again.
Once thing I noted, but which has not been discussed here: Before this patch,
the strings given to PK11_ConfigurePKCS11 were truncated to a maximum length,
i.e. SHORT_PK11_STRING.
But now they can be of any length, whatever the locale string defines.
Is that a problem?
|
|
Reporter | |
Comment 26•23 years ago
|
||
pk11_SetStringName just ignores the excess, right?
|
|
Assignee | |
Comment 27•23 years ago
|
||
> pk11_SetStringName just ignores the excess, right?
I realize that in the past the implementation of PK11_ConfigurePKCS11 called
pk11_SetStringName with the available storage space, so you are right, the patch
was correct.
Now with NSS 3.4, PK11_ConfigurePKCS11 builds a dynamic string. I suppose NSS
has no longer that size restriction.
|
|
||
Comment 28•23 years ago
|
||
No, there is still a size restriction. It's based on the PKCS #11 interface. The
truncation would happen inside the softoken now.
bob
|
|
Assignee | |
Comment 29•23 years ago
|
||
Just for tracking purposes, the truncation will be cared for in bug 125728.
|
||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•