Closed
Bug 158339
Opened 23 years ago
Closed 23 years ago
RNG_RNGInit() failure causes bad free (bus error)
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.6
People
(Reporter: kirk.erickson, Assigned: wtc)
Details
Attachments
(1 file)
600 bytes, patch
When the RNG_RNGInit() call in nsc_CommonInitialize() fails,
goto loser: causes a bus error because paramStrings we never
init_args. See softoken/pkcs11.c:

    rv = RNG_RNGInit(); /* initialize random number generator */
    if (rv != SECSuccess) {
        crv = CKR_DEVICE_ERROR;
        goto loser;
    }
    RNG_SystemInfoForRNG();
Reporter
Comment 1 • 23 years ago
Stack trace of the bus error under Solaris dbx:
>
> The only info I got from the debug version is that it is failing in
> SECMOD_LoadPKCS11Module:
>
> 213: if (PK11_GETTAB(mod)->C_Initialize(&secmodLockFunctions) !=
> CKR_OK) {
>
> [1] _free_unlocked(0x6572733d, 0xfeeb8000, 0x6572733d, 0xfeeb8000,
> 0xff3e260c, 0xff0a05e8), at 0xfee42090
> [2] free(0x6572733d, 0x1, 0x0, 0x0, 0x0, 0x0), at 0xfee42040
> [3] PR_Free(0x6572733d, 0xfea4dbc0, 0x0, 0x0, 0x0, 0x0), at 0xff032680
> [4] PORT_Free(0x6572733d, 0x0, 0x0, 0x0, 0x0, 0x0), at 0xfea64878
> [5] secmod_freeParams(0xffbee5c0, 0xfeeb8000, 0x2abea0, 0xfeeb8000,
> 0xff32dd72, 0xff00), at 0xfea263dc
> [6] nsc_CommonInitialize(0xff3508f0, 0x0, 0x8, 0x0, 0xff32dd72,
> 0xff00), at 0xfea2eb10
> [7] NSC_Initialize(0xff3508f0, 0x0, 0x2abea0, 0x0, 0x0, 0x0), at
> 0xfea2eba4
> =>[8] SECMOD_LoadPKCS11Module(mod = 0x2abfb8), line 213 in "pk11load.c"
> [9] SECMOD_LoadModule(modulespec = 0x2abd50 "library= name="NSS
> Internal PKCS #11 Module" parameters="configdir='' certPrefix=''
> keyPrefix='' secmod='secmod.db'
> flags=readOnly,noCertDB,noModDB,forceOpen " NSS="Flags=internal,critical
> trustOrder=0 cipherOrder=100
> slotParams=(1={slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES]
> askpw=any timeout=30})"", parent = 0x2aba70, recurse = 1), line 303 in
> "pk11pars.c"
> [10] SECMOD_LoadModule(modulespec = 0x2ab238 "name="NSS Internal
> Module" parameters="configdir='' certPrefix='' keyPrefix=''
> secmod='secmod.db' flags=readOnly,noCertDB,noModDB,forceOpen "
> NSS="flags=internal,moduleDB,moduleDBOnly,critical"", parent = (nil),
> recurse = 1), line 316 in "pk11pars.c"
> [11] nss_Init(configdir = 0x29c450 "", certPrefix = 0xff32d218 "",
> keyPrefix = 0xff32d21c "", secmodName = 0xff32d220 "secmod.db", readOnly
> = 1, noCertDB = 1, noModDB = 1, forceOpen = 1, noRootInit = 1), line 444
> in "nssinit.c"
> [12] NSS_NoDB_Init(configdir = 0x29c450 ""), line 522 in "nssinit.c"
>
Assignee
Comment 2 • 23 years ago
This patch also works for the 3.5 branch. The 3.4 branch
will need a different patch.
Assignee
Comment 3 • 23 years ago
Fix checked into the tip (3.6). I think we don't need
to fix this bug on the 3.4 or 3.5 branch.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.6
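The failure pattern this bug describes, as an added example (not the NSS source and not the attached patch): an early goto loser reaches a shared cleanup routine that frees pointers held in a struct. The names params_t, params_free, dup_str and common_init are hypothetical, and zeroing the struct before the first goto is an assumed remedy, since the patch itself is not shown on this page.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the parsed parameter strings freed at loser:. */
typedef struct {
    char *configdir;
    char *secmod;
} params_t;

static int frees_done; /* number of real free() calls, observable by callers */

static void params_free(params_t *p) {
    /* Safe only if every pointer is either NULL or a live heap pointer. */
    if (p->configdir) { free(p->configdir); frees_done++; }
    if (p->secmod)    { free(p->secmod);    frees_done++; }
    memset(p, 0, sizeof *p);
}

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    if (d) memcpy(d, s, n);
    return d;
}

/* rng_ok simulates the result of the RNG initialisation step.
 * Returns 0 on success, 1 on RNG failure, 2 on allocation failure. */
int common_init(int rng_ok, const char *configdir, const char *secmod) {
    int rc;
    params_t ps;
    /* Without this line ps holds stale stack bytes and the early goto
     * below would hand them to free(), as in the reported stack trace. */
    memset(&ps, 0, sizeof ps);

    if (!rng_ok) { rc = 1; goto loser; }  /* fails before any parsing */

    ps.configdir = dup_str(configdir);
    ps.secmod = dup_str(secmod);
    rc = (ps.configdir && ps.secmod) ? 0 : 2;
loser:
    params_free(&ps); /* shared cleanup for success and every failure path */
    return rc;
}

int main(void) {
    /* Constructed inputs: one failing and one succeeding initialisation. */
    if (common_init(0, "", "secmod.db") != 1) return 1;
    return common_init(1, "", "secmod.db");
}
```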