Closed Bug 495656 Opened 11 years ago Closed 11 years ago
_Init Read Write("sql:<configdir>") leaves behind a pkcs11 .txu file if libnssckbi .so is in <configdir>.
To reproduce this bug on Linux, create a brand new directory <configdir> and copy libnssckbi.so to <configdir>. Then call NSS_InitReadWrite("sql:<configdir>") The NSS_InitReadWrite call succeeds, but leaves behind a pkcs11.txu file in <configdir>. I haven't debugged this, but I believe this has something to do with the nss_FindExternalRoot call in nss_Init. The pkcs11.txt and pkcs11.txu files are attached.
The problem is in sftkdb_DeleteSecmodDB when 'found' is true.
Also move the comment.
The severity of this bug is minor or trivial. Since sftkdb_DeleteSecmodDB truncates any existing pkcs11.txu file, leaving behind pkcs11.txu won't cause the next sftkdb_DeleteSecmodDB call to malfunction. Bob, could you check in my patch for me because I'm not following the NSS respins for FIPS? Thanks. We may want to use a better name than "pkcs11.txu", or add a comment that contains this string to make the relevant code more discoverable, like this: dbname2[strlen(dbname)-1]++; /* pkcs11.txu */ When I first saw the pkcs11.txu file, I couldn't figure out what it is and what code created it.
Assignee: nobody → rrelyea
Severity: normal → minor
Attachment #380679 - Flags: review?(rrelyea) → review+
Comment on attachment 380679 [details] [diff] [review] Proposed patch v1.1 r+ I see it's already nominated for FIPS... I'm OK with the comment about pkcs11.txu as well. The code is designed to handle the case that the passed in name may not be pkcs11.txt...
bobs-laptop(108) cvs commit sftkmod.c Checking in sftkmod.c; /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v <-- sftkmod.c new revision: 1.6; previous revision: 1.5 done
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: FIPS [Awaiting Softoken's Thaw] → FIPS
Is this fix only for Linux x86_64 or for all platforms ?
All platforms... (adjusted the platform defs). bob
OS: Linux → All
Hardware: x86_64 → All
You need to log in before you can comment on or make changes to this bug.