Closed Bug 392521 Opened 14 years ago Closed 13 years ago

Automatic shared db update fails if user opens database R/W but never supplies a password


(NSS :: Libraries, defect)

Not set


(Not tracked)



(Reporter: rrelyea, Assigned: rrelyea)




(1 file, 1 obsolete file)

If you open a new shared library database, with an old dbm database in the same directory, NSS will attempt to update  the new shared library database from the old database, however a password is required to complete the update.

If the application fails to supply the password while it's running and closes down, the next time the application opens the database it will open the new empty shared library database.

SDB needs to return needUpdate true for any these empty databases just like it does for new databases.
the meta data table is created when the database is initialized or updated to hold the password record. Currently the meta data table is only in the key db. If there is no key db, then update happens immediately after the first open.

alexei, if you are overloaded, feel free to bounce this review to someone else.


Attachment #277420 - Flags: review?(alexei.volkov.bugs)
Comment on attachment 277420 [details] [diff] [review]
Detect the case where the database was created, but never updated.

r- mostly because of dereferencing of a pointer to NULL(sdb_p). 

What does "metaData" table exist for?

I also would like to read more about sqlite db to understand how they control table creating and data sharing between processes.
Attachment #277420 - Flags: review?(alexei.volkov.bugs) → review-
egad, I'm wondering why that didn't crash in my tests now!

metaData table exists to store the password check record and authentication macs.
It's created as the last step of a transaction when initializing the database.

sqlite3 supports transaction logs and critical interprocess locking to provide coherency.

OK, this one doesn't crash.
Attachment #277420 - Attachment is obsolete: true
Attachment #280534 - Flags: review?(alexei.volkov.bugs)
Comment on attachment 280534 [details] [diff] [review]
Version 2: Detect the case where the database was created, but never updated.

Bob, could expend the comment explaining, why we only care about key DB(type  == SDB_KEY) in this block of code. thx
Attachment #280534 - Flags: review?(alexei.volkov.bugs) → review+
Checked in with expanded comment.

Checking in sdb.c;
/cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v  <--  sdb.c
new revision: 1.4; previous revision: 1.3
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.