Closed Bug 495656 Opened 11 years ago Closed 11 years ago

NSS_InitReadWrite("sql:<configdir>") leaves behind a pkcs11.txu file if libnssckbi.so is in <configdir>.

Categories

(NSS :: Libraries, defect, P1, minor)

Tracking

(Not tracked)

RESOLVED FIXED
3.12.4

People

(Reporter: wtc, Assigned: rrelyea)

Details

(Whiteboard: FIPS)

Attachments

(3 files, 1 obsolete file)

Attached file pkcs11.txt
To reproduce this bug on Linux, create a brand new directory <configdir>
and copy libnssckbi.so to <configdir>.  Then call

    NSS_InitReadWrite("sql:<configdir>")

The NSS_InitReadWrite call succeeds, but leaves behind a pkcs11.txu file
in <configdir>.

I haven't debugged this, but I believe this has something to do with the
nss_FindExternalRoot call in nss_Init.

The pkcs11.txt and pkcs11.txu files are attached.
Attached file pkcs11.txu
Attached patch Proposed patch (obsolete) — Splinter Review
The problem is in sftkdb_DeleteSecmodDB when 'found' is true.
Attachment #380678 - Flags: review?(rrelyea)
Also move the comment.
Attachment #380678 - Attachment is obsolete: true
Attachment #380679 - Flags: review?(rrelyea)
Attachment #380678 - Flags: review?(rrelyea)
The severity of this bug is minor or trivial.  Since
sftkdb_DeleteSecmodDB truncates any existing pkcs11.txu
file, leaving behind pkcs11.txu won't cause the next
sftkdb_DeleteSecmodDB call to malfunction.

Bob, could you check in my patch for me because I'm
not following the NSS respins for FIPS?  Thanks.

We may want to use a better name than "pkcs11.txu",
or add a comment that contains this string to make
the relevant code more discoverable, like this:

    dbname2[strlen(dbname)-1]++;  /* pkcs11.txu */

When I first saw the pkcs11.txu file, I couldn't
figure out what it is and what code created it.
Assignee: nobody → rrelyea
Severity: normal → minor
Whiteboard: FIPS [Awaiting Softoken's Thaw]
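
The temp-file rewrite discussed in the comment above, as an added example; it is not NSS code and does not reproduce the attached patch. `delete_entry` and `demo` are hypothetical names, the file is assumed to hold one entry per line (each under 512 bytes), and POSIX `rename()` is assumed to replace the target.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: remove every line equal to `entry` from `dbname` by
 * rewriting through a sibling temp file. 1 = removed, 0 = no match, -1 = error. */
int delete_entry(const char *dbname, const char *entry) {
    char line[512], *dbname2;
    FILE *in, *out;
    int found = 0, rc = -1;
    size_t len, n = strlen(dbname);
    if (n == 0 || (dbname2 = malloc(n + 1)) == NULL) return -1;
    memcpy(dbname2, dbname, n + 1);
    dbname2[n - 1]++;                       /* pkcs11.txt -> pkcs11.txu */
    if ((in = fopen(dbname, "r")) == NULL) goto done;
    if ((out = fopen(dbname2, "w")) == NULL) goto done; /* truncates a stale temp */
    while (fgets(line, sizeof line, in)) {
        len = strcspn(line, "\n");
        if (len == strlen(entry) && strncmp(line, entry, len) == 0) {
            found = 1;                      /* skip the entry being deleted */
            continue;
        }
        fputs(line, out);
    }
    rc = ferror(in) ? -1 : 0;
    if (fclose(out) != 0) rc = -1;
    /* Match: the temp file replaces the original, so rename() consumes it. */
    if (rc == 0 && found) rc = (rename(dbname2, dbname) == 0) ? 1 : -1;
    if (rc != 1) remove(dbname2);           /* no match or error: drop the temp */
done:
    if (in) fclose(in);
    free(dbname2);
    return rc;
}

/* Constructed sample data. Returns delete_entry()'s result, or -2 if the
 * temp file is still on disk after the call. */
int demo(const char *entry) {
    const char *db = "demo-pkcs11.txt", *tmp = "demo-pkcs11.txu";
    FILE *f = fopen(db, "w");
    int rc;
    if (!f) return -1;
    fputs("name=NSS Internal PKCS #11 Module\nname=Root Certs\n", f);
    fclose(f);
    rc = delete_entry(db, entry);
    if (access(tmp, F_OK) == 0) rc = -2;    /* temp file left behind */
    remove(db); remove(tmp);
    return rc;
}
int main(void) { printf("%d %d\n", demo("name=Root Certs"), demo("name=Missing")); return 0; }
```
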
Attachment #380679 - Flags: review?(rrelyea) → review+
Comment on attachment 380679 [details] [diff] [review]
Proposed patch v1.1

r+ I see it's already nominated for FIPS...

I'm OK with the comment about pkcs11.txu as well. The code is designed to handle the case that the passed-in name may not be pkcs11.txt...
Status: NEW → ASSIGNED
Target Milestone: --- → 3.12.4
bobs-laptop(108) cvs commit sftkmod.c 
Checking in sftkmod.c;
/cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v  <--  sftkmod.c
new revision: 1.6; previous revision: 1.5
done
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: FIPS [Awaiting Softoken's Thaw] → FIPS
Priority: -- → P1
Is this fix only for Linux x86_64 or for all platforms?
All platforms... (adjusted the platform defs).

bob
OS: Linux → All
Hardware: x86_64 → All