Bug 1383824
Opened 7 years ago
Closed 7 years ago
sql-backed softoken login state becomes inconsistent after PK11_InitPin with an empty password followed by PK11_ChangePW and PK11_Logout
Categories: NSS :: Libraries, defect
Tracking: Not tracked
Status: RESOLVED FIXED
Target Milestone: 3.33
People: Reporter: keeler, Assigned: franziskus
Attachments: 2 files
STR:
1. Initialize the softoken:
   case A: use PK11_InitPin with a non-empty password
   case B: use PK11_InitPin with an empty password and then call PK11_ChangePW to a non-empty password
2. PK11_Logout
3. Cause a certificate trust object to be stored on the softoken

Expected results:
because trust objects are authenticated with a private key, the user must be logged in (due to the non-empty password). However, since we've logged out, creating the trust object should fail.

Actual results:
case A works as expected: the operation fails because the user isn't logged in
case B unexpectedly succeeds (that is, the softoken still somehow has access to the key it needs to create the authenticated object).

See the attached source/makefile.
Reporter
Comment 1•7 years ago
Assignee
Comment 2•7 years ago
The problem in case B is that the token isn't logged in after setting a password. With an empty password the login state is always false because there's nothing to log in to. But when we add a password, NSS doesn't set the state to logged in. Thus the PK11_Logout function returns early (we're not logged in) and the create object works.
Assignee: nobody → franziskuskiefer
Status: NEW → ASSIGNED
Assignee
Updated•7 years ago
Assignee
Comment 3•7 years ago
https://hg.mozilla.org/projects/nss/rev/990be4e30bf8a5f5619e0e6630ef7cc0784905fb
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.33
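
The state inconsistency described in the STR and in comment 2, as an added example that is not code from NSS or from the attached reproducer: a simplified model of a slot's login flag. The struct, its field names, and the `sync_state` switch are hypothetical, and updating the flag on password change is an assumption drawn from comment 2's diagnosis, not a copy of the landed patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of a token slot; names are hypothetical, not NSS's. */
struct slot {
    bool need_login; /* a non-empty password is set */
    bool logged_in;  /* the flag that logout consults */
    bool key_cached; /* key used to authenticate trust objects is available */
};

/* Models PK11_InitPin: an empty password leaves nothing to log in to,
 * so logged_in stays false while the key is still usable. */
static void init_pin(struct slot *s, const char *pin) {
    s->need_login = pin[0] != '\0';
    s->logged_in = s->need_login;
    s->key_cached = true;
}

/* Models PK11_ChangePW; sync_state selects the corrected behaviour. */
static void change_pw(struct slot *s, const char *new_pin, bool sync_state) {
    s->need_login = new_pin[0] != '\0';
    if (sync_state)
        s->logged_in = s->key_cached; /* flag follows actual key access */
}

/* Models PK11_Logout: returns early when the flag says "not logged in". */
static void logout(struct slot *s) {
    if (!s->logged_in)
        return;
    s->logged_in = false;
    s->key_cached = false;
}

/* Runs the STR; returns true if the trust object is stored after logout. */
static bool trust_stored_after_logout(bool empty_first, bool sync_state) {
    struct slot s;
    init_pin(&s, empty_first ? "" : "constructed-pw");
    if (empty_first)
        change_pw(&s, "constructed-pw", sync_state);
    logout(&s);
    return s.key_cached; /* storing a trust object needs the key */
}

int main(void) {
    printf("case A: %d\n", trust_stored_after_logout(false, false));
    printf("case B, flag stale: %d\n", trust_stored_after_logout(true, false));
    printf("case B, flag synced: %d\n", trust_stored_after_logout(true, true));
    return 0;
}
```

A regression test for this class of bug should assert on the outcome of the privileged operation after logout, since the login flag alone reports "not logged in" in both the correct and the broken case.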