Automatic shared db update fails if user opens database R/W but never supplies a password

RESOLVED FIXED in 3.12

Status

NSS
Libraries
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: Robert Relyea, Assigned: Robert Relyea)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

10 years ago
If you open a new shared library database, with an old dbm database in the same directory, NSS will attempt to update  the new shared library database from the old database, however a password is required to complete the update.

If the application fails to supply the password while it's running and closes down, the next time the application opens the database it will open the new empty shared library database.

SDB needs to return needUpdate true for any these empty databases just like it does for new databases.
(Assignee)

Comment 1

10 years ago
Created attachment 277420 [details] [diff] [review]
Detect the case where the database was created, but never updated.

the meta data table is created when the database is initialized or updated to hold the password record. Currently the meta data table is only in the key db. If there is no key db, then update happens immediately after the first open.

alexei, if you are overloaded, feel free to bounce this review to someone else.

Thanks,

bob
Attachment #277420 - Flags: review?(alexei.volkov.bugs)

Comment 2

10 years ago
Comment on attachment 277420 [details] [diff] [review]
Detect the case where the database was created, but never updated.

r- mostly because of dereferencing of a pointer to NULL(sdb_p). 

What does "metaData" table exist for?

I also would like to read more about sqlite db to understand how they control table creating and data sharing between processes.
Attachment #277420 - Flags: review?(alexei.volkov.bugs) → review-
(Assignee)

Comment 3

10 years ago
egad, I'm wondering why that didn't crash in my tests now!

metaData table exists to store the password check record and authentication macs.
It's created as the last step of a transaction when initializing the database.

sqlite3 supports transaction logs and critical interprocess locking to provide coherency.

bob
(Assignee)

Comment 4

10 years ago
Created attachment 280534 [details] [diff] [review]
Version 2: Detect the case where the database was created, but never updated.

OK, this one doesn't crash.
Attachment #277420 - Attachment is obsolete: true
Attachment #280534 - Flags: review?(alexei.volkov.bugs)

Comment 5

10 years ago
Comment on attachment 280534 [details] [diff] [review]
Version 2: Detect the case where the database was created, but never updated.

Bob, could expend the comment explaining, why we only care about key DB(type  == SDB_KEY) in this block of code. thx
Attachment #280534 - Flags: review?(alexei.volkov.bugs) → review+
(Assignee)

Comment 6

10 years ago
Checked in with expanded comment.

Checking in sdb.c;
/cvsroot/mozilla/security/nss/lib/softoken/sdb.c,v  <--  sdb.c
new revision: 1.4; previous revision: 1.3
done
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.