Closed Bug 495656 Opened 15 years ago Closed 15 years ago

NSS_InitReadWrite("sql:<configdir>") leaves behind a pkcs11.txu file if libnssckbi.so is in <configdir>.

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.12.4

People

(Reporter: wtc, Assigned: rrelyea)

Details

(Whiteboard: FIPS)

Attachments

(3 files, 1 obsolete file)

pkcs11.txt
521 bytes, text/plain
Details
pkcs11.txu
439 bytes, text/plain
Details
Proposed patch v1.1
898 bytes, patch
rrelyea
: review+
Details | Diff | Splinter Review
Attached file pkcs11.txt 
To reproduce this bug on Linux, create a brand new directory <configdir>
and copy libnssckbi.so to <configdir>.  Then call

    NSS_InitReadWrite("sql:<configdir>")

The NSS_InitReadWrite call succeeds, but leaves behind a pkcs11.txu file
in <configdir>.

I haven't debugged this, but I believe this has something to do with the
nss_FindExternalRoot call in nss_Init.

The pkcs11.txt and pkcs11.txu files are attached.
Attached file pkcs11.txu 

    
    

    
  

      
      
      
      

        Attached patch
          
          
        Proposed patch (obsolete)
        — Splinter Review
      

    


  
The problem is in sftkdb_DeleteSecmodDB when 'found' is true.

        Attachment #380678 -
        Flags: review?(rrelyea)

    
    

    
  


  
Also move the comment.

        Attachment #380678 -
        Attachment is obsolete: true

        Attachment #380679 -
        Flags: review?(rrelyea)

        Attachment #380678 -
        Flags: review?(rrelyea)

    
    

    
  
The severity of this bug is minor or trivial.  Since
sftkdb_DeleteSecmodDB truncates any existing pkcs11.txu
file, leaving behind pkcs11.txu won't cause the next
sftkdb_DeleteSecmodDB call to malfunction.

Bob, could you check in my patch for me because I'm
not following the NSS respins for FIPS?  Thanks.

We may want to use a better name than "pkcs11.txu",
or add a comment that contains this string to make
the relevant code more discoverable, like this:

    dbname2[strlen(dbname)-1]++;  /* pkcs11.txu */

When I first saw the pkcs11.txu file, I couldn't
figure out what it is and what code created it.
Assignee: nobody → rrelyea
Severity: normal → minor

    
  
Whiteboard: FIPS [Awaiting Softoken's Thaw]

    
  

        Attachment #380679 -
        Flags: review?(rrelyea) → review+

    
    

    
  
Comment on attachment 380679 [details] [diff] [review]
Proposed patch v1.1

r+ I see it's already nominated for FIPS...

I'm OK with the comment about pkcs11.txu as well. The code is designed to handle the case that the passed in name may not be pkcs11.txt...

    
  
Status: NEW → ASSIGNED

    
  
Target Milestone: --- → 3.12.4

    
    

    
  
bobs-laptop(108) cvs commit sftkmod.c 
Checking in sftkmod.c;
/cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v  <--  sftkmod.c
new revision: 1.6; previous revision: 1.5
done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Whiteboard: FIPS [Awaiting Softoken's Thaw] → FIPS
Priority: -- → P1

    
    

    
  
Is this fix only for Linux x86_64 or for all platforms ?

    
    

    
  
All platforms... (adjusted the platform defs).

bob
OS: Linux → All
Hardware: x86_64 → All

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: