Closed Bug 495656 Opened 16 years ago Closed 16 years ago

NSS_InitReadWrite("sql:<configdir>") leaves behind a pkcs11.txu file if libnssckbi.so is in <configdir>.

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.4

People

(Reporter: wtc, Assigned: rrelyea)

Details

(Whiteboard: FIPS)

Attachments

(3 files, 1 obsolete file)

pkcs11.txt
521 bytes, text/plain
Details
pkcs11.txu
439 bytes, text/plain
Details
Proposed patch v1.1
898 bytes, patch
rrelyea
: review+
Details | Diff | Splinter Review
Attached file pkcs11.txt
To reproduce this bug on Linux, create a brand new directory <configdir> and copy libnssckbi.so to <configdir>. Then call NSS_InitReadWrite("sql:<configdir>") The NSS_InitReadWrite call succeeds, but leaves behind a pkcs11.txu file in <configdir>. I haven't debugged this, but I believe this has something to do with the nss_FindExternalRoot call in nss_Init. The pkcs11.txt and pkcs11.txu files are attached.
Attached file pkcs11.txu
Attached patch Proposed patch (obsolete) — Splinter Review
The problem is in sftkdb_DeleteSecmodDB when 'found' is true.
Attachment #380678 - Flags: review?(rrelyea)
Also move the comment.
Attachment #380678 - Attachment is obsolete: true
Attachment #380679 - Flags: review?(rrelyea)
Attachment #380678 - Flags: review?(rrelyea)
The severity of this bug is minor or trivial. Since sftkdb_DeleteSecmodDB truncates any existing pkcs11.txu file, leaving behind pkcs11.txu won't cause the next sftkdb_DeleteSecmodDB call to malfunction. Bob, could you check in my patch for me because I'm not following the NSS respins for FIPS? Thanks. We may want to use a better name than "pkcs11.txu", or add a comment that contains this string to make the relevant code more discoverable, like this: dbname2[strlen(dbname)-1]++; /* pkcs11.txu */ When I first saw the pkcs11.txu file, I couldn't figure out what it is and what code created it.
Assignee: nobody → rrelyea
Severity: normal → minor
Whiteboard: FIPS [Awaiting Softoken's Thaw]
Attachment #380679 - Flags: review?(rrelyea) → review+
Comment on attachment 380679 [details] [diff] [review] Proposed patch v1.1 r+ I see it's already nominated for FIPS... I'm OK with the comment about pkcs11.txu as well. The code is designed to handle the case that the passed in name may not be pkcs11.txt...
Status: NEW → ASSIGNED
Target Milestone: --- → 3.12.4
bobs-laptop(108) cvs commit sftkmod.c Checking in sftkmod.c; /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v <-- sftkmod.c new revision: 1.6; previous revision: 1.5 done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Whiteboard: FIPS [Awaiting Softoken's Thaw] → FIPS
Priority: -- → P1
Is this fix only for Linux x86_64 or for all platforms ?
All platforms... (adjusted the platform defs). bob
OS: Linux → All
Hardware: x86_64 → All
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: