Closed
Bug 495656
Opened 15 years ago
Closed 15 years ago
NSS_InitReadWrite("sql:<configdir>") leaves behind a pkcs11.txu file if libnssckbi.so is in <configdir>.
Categories
(NSS :: Libraries, defect, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.4
People
(Reporter: wtc, Assigned: rrelyea)
Details
(Whiteboard: FIPS)
Attachments
(3 files, 1 obsolete file)
To reproduce this bug on Linux, create a brand new directory <configdir> and copy libnssckbi.so to <configdir>. Then call NSS_InitReadWrite("sql:<configdir>") The NSS_InitReadWrite call succeeds, but leaves behind a pkcs11.txu file in <configdir>. I haven't debugged this, but I believe this has something to do with the nss_FindExternalRoot call in nss_Init. The pkcs11.txt and pkcs11.txu files are attached.
Reporter | ||
Comment 1•15 years ago
|
||
Reporter | ||
Comment 2•15 years ago
|
||
The problem is in sftkdb_DeleteSecmodDB when 'found' is true.
Attachment #380678 -
Flags: review?(rrelyea)
Reporter | ||
Comment 3•15 years ago
|
||
Also move the comment.
Attachment #380678 -
Attachment is obsolete: true
Attachment #380679 -
Flags: review?(rrelyea)
Attachment #380678 -
Flags: review?(rrelyea)
Reporter | ||
Comment 4•15 years ago
|
||
The severity of this bug is minor or trivial. Since sftkdb_DeleteSecmodDB truncates any existing pkcs11.txu file, leaving behind pkcs11.txu won't cause the next sftkdb_DeleteSecmodDB call to malfunction. Bob, could you check in my patch for me because I'm not following the NSS respins for FIPS? Thanks. We may want to use a better name than "pkcs11.txu", or add a comment that contains this string to make the relevant code more discoverable, like this: dbname2[strlen(dbname)-1]++; /* pkcs11.txu */ When I first saw the pkcs11.txu file, I couldn't figure out what it is and what code created it.
Assignee: nobody → rrelyea
Severity: normal → minor
Reporter | ||
Updated•15 years ago
|
Whiteboard: FIPS [Awaiting Softoken's Thaw]
Assignee | ||
Updated•15 years ago
|
Attachment #380679 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 5•15 years ago
|
||
Comment on attachment 380679 [details] [diff] [review] Proposed patch v1.1 r+ I see it's already nominated for FIPS... I'm OK with the comment about pkcs11.txu as well. The code is designed to handle the case that the passed in name may not be pkcs11.txt...
Assignee | ||
Updated•15 years ago
|
Status: NEW → ASSIGNED
Updated•15 years ago
|
Target Milestone: --- → 3.12.4
Assignee | ||
Comment 6•15 years ago
|
||
bobs-laptop(108) cvs commit sftkmod.c Checking in sftkmod.c; /cvsroot/mozilla/security/nss/lib/softoken/sftkmod.c,v <-- sftkmod.c new revision: 1.6; previous revision: 1.5 done
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Updated•15 years ago
|
Whiteboard: FIPS [Awaiting Softoken's Thaw] → FIPS
Updated•15 years ago
|
Priority: -- → P1
Comment 7•15 years ago
|
||
Is this fix only for Linux x86_64 or for all platforms ?
Assignee | ||
Comment 8•15 years ago
|
||
All platforms... (adjusted the platform defs). bob
OS: Linux → All
Hardware: x86_64 → All
You need to log in
before you can comment on or make changes to this bug.
Description
•