Open
Bug 672127
Opened 14 years ago
Updated 1 year ago
Cached OCSP response should not be deleted unless/until replacement is fully constructed
Categories
(NSS :: Libraries, defect, P5)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: briansmith, Unassigned)
Details
+++ This bug was initially created as a clone of Bug #663733 +++
In ocsp_CreateOrUpdateCacheEntry, there is this code:
rv = ocsp_SetCacheItemResponse(cacheItem, single);
if (rv != SECSuccess) {
ocsp_RemoveCacheItem(cache, cacheItem);
PR_ExitMonitor(OCSP_Global.monitor);
return rv;
}
ocsp_SetCacheItemResponse should be atomic, so that if there is any failure, cacheItem is unchanged. Then, the call to ocsp_RemoveCacheItem must be removed. This way, a bad single response or a failure copying it will not destroy information in the cache.
|
Reporter | |
Comment 1•14 years ago
|
||
There might be another problem, where the cache entry's arena will grow each time the status is replaced, because the same arena is used for each version.
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•1 year ago
|
Severity: S3 → S4
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•