rpms/jss
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import jss-4.6.2-6.module+el8.2.0+6305+445d7b5a

Browse Source
This commit is contained in:
CentOS Sources 2020-04-28 12:09:30 -04:00 committed by Andrew Lukoshko
parent c4f7185131
commit b98978f120
3 changed files with 267 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
SOURCES/0005-Fix-NativeProxy-release.patch Normal file
View File

@ -0,0 +1,147 @@
From e623f14abcee16b5dfc57d6956e0ab4bb526ba5b Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 8 Apr 2020 12:21:49 -0400
Subject: [PATCH] Fix NativeProxy registry tracking
When the switch was made to a HashSet-based registry in
eb5df01003d74b57473eacb84e538d31f5bb06ca, NativeProxy didn't override
hashCode(...). This resulted in calls to close() (and thus, finalize())
not invoking the releaseNativeResources() function to release the
underlying memory.
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
org/mozilla/jss/util/NativeProxy.java | 55 +++++++++++++++++++++------
1 file changed, 44 insertions(+), 11 deletions(-)
diff --git a/org/mozilla/jss/util/NativeProxy.java b/org/mozilla/jss/util/NativeProxy.java
index a0811f76..385c49f9 100644
--- a/org/mozilla/jss/util/NativeProxy.java
+++ b/org/mozilla/jss/util/NativeProxy.java
@@ -9,8 +9,10 @@ import java.util.HashSet;
import java.lang.AutoCloseable;
import java.lang.Thread;
import java.util.Arrays;
+import java.util.concurrent.atomic.AtomicInteger;
import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.netscape.security.util.Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -39,11 +41,13 @@ public abstract class NativeProxy implements AutoCloseable
* NativeProxy instance acts as a proxy for that native data structure.
*/
public NativeProxy(byte[] pointer) {
- assert(pointer!=null);
+ assert(pointer!=null);
+
mPointer = pointer;
- registry.add(this);
+ mHashCode = registryIndex.getAndIncrement();
if (saveStacktraces) {
+ registry.add(this);
mTrace = Arrays.toString(Thread.currentThread().getStackTrace());
}
}
@@ -55,18 +59,31 @@ public abstract class NativeProxy implements AutoCloseable
* a different underlying native pointer.
*/
public boolean equals(Object obj) {
- if(obj==null) {
+ if (obj == null) {
return false;
}
- if( ! (obj instanceof NativeProxy) ) {
+ if (!(obj instanceof NativeProxy)) {
return false;
}
- if (((NativeProxy)obj).mPointer == null) {
- /* If mPointer is null, we have no way to compare the values
- * of the pointers, so assume they're unequal. */
+ NativeProxy nObj = (NativeProxy) obj;
+ if (this.mPointer == null || nObj.mPointer == null) {
return false;
}
- return Arrays.equals(((NativeProxy)obj).mPointer, mPointer);
+
+ return Arrays.equals(this.mPointer, nObj.mPointer);
+ }
+
+ /**
+ * Hash code based around mPointer value.
+ *
+ * Note that Object.hashCode() isn't sufficient as it tries to determine
+ * the Object's value based on all internal variables. Because we want a
+ * single static hashCode that is unique to each instance of nativeProxy,
+ * we construct it up front based on an incrementing counter and cache it
+ * throughout the lifetime of this object.
+ */
+ public int hashCode() {
+ return mHashCode;
}
/**
@@ -112,11 +129,11 @@ public abstract class NativeProxy implements AutoCloseable
*/
public final void close() throws Exception {
try {
- if (registry.remove(this)) {
+ if (mPointer != null) {
releaseNativeResources();
}
} finally {
- mPointer = null;
+ clear();
}
}
@@ -131,13 +148,16 @@ public abstract class NativeProxy implements AutoCloseable
*/
public final void clear() {
this.mPointer = null;
- registry.remove(this);
+ if (saveStacktraces) {
+ registry.remove(this);
+ }
}
/**
* Byte array containing native pointer bytes.
*/
private byte mPointer[];
+ private int mHashCode;
/**
* String containing backtrace of pointer generation.
@@ -158,6 +178,15 @@ public abstract class NativeProxy implements AutoCloseable
* releaseNativeResources() gets called.
*/
static HashSet<NativeProxy> registry = new HashSet<NativeProxy>();
+ static AtomicInteger registryIndex = new AtomicInteger();
+
+ public String toString() {
+ if (mPointer == null) {
+ return this.getClass().getName() + "[" + mHashCode + "@null]";
+ }
+
+ return this.getClass().getName() + "[" + mHashCode + "@" + Utils.HexEncode(mPointer) + "]";
+ }
/**
* Internal helper to check whether or not assertions are enabled in the
@@ -178,6 +207,10 @@ public abstract class NativeProxy implements AutoCloseable
* is thrown.
*/
public synchronized static void assertRegistryEmpty() {
+ if (!saveStacktraces) {
+ return;
+ }
+
if (!registry.isEmpty()) {
logger.warn(registry.size() + " NativeProxys are still registered.");
--
2.25.2

108
SOURCES/0006-Fix-SSLSocket-closure.patch Normal file
View File

@ -0,0 +1,108 @@
From 278ff534e0a30cb112e8c29de573bf45b4264ad2 Mon Sep 17 00:00:00 2001
From: Alexander Scheel <ascheel@redhat.com>
Date: Wed, 15 Apr 2020 08:20:37 -0400
Subject: [PATCH] Fix SSLSocket closure
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
---
org/mozilla/jss/ssl/SocketBase.java | 14 +++++++++++-
org/mozilla/jss/ssl/common.c | 34 +++++++++++++++++++----------
2 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/org/mozilla/jss/ssl/SocketBase.java b/org/mozilla/jss/ssl/SocketBase.java
index 2c835913..27109369 100644
--- a/org/mozilla/jss/ssl/SocketBase.java
+++ b/org/mozilla/jss/ssl/SocketBase.java
@@ -106,7 +106,19 @@ class SocketBase {
static final int SSL_AF_INET6 = 51;
void close() throws IOException {
- socketClose();
+ try {
+ if (sockProxy != null) {
+ socketClose();
+ sockProxy.close();
+ }
+ } catch (Exception e) {
+ String msg = "Unexpected exception while trying to finalize ";
+ msg += "SocketProxy: " + e.getMessage();
+
+ throw new IOException(msg, e);
+ } finally {
+ sockProxy = null;
+ }
}
// SSLServerSocket and SSLSocket close methods
diff --git a/org/mozilla/jss/ssl/common.c b/org/mozilla/jss/ssl/common.c
index 2db9fda1..2c52a9d6 100644
--- a/org/mozilla/jss/ssl/common.c
+++ b/org/mozilla/jss/ssl/common.c
@@ -333,21 +333,28 @@ JNIEXPORT void JNICALL
Java_org_mozilla_jss_ssl_SocketProxy_releaseNativeResources
(JNIEnv *env, jobject this)
{
- /* SSLSocket.close and SSLServerSocket.close call */
- /* SocketBase.close to destroy all native Resources */
- /* attached to the socket. There is no native resource */
- /* to release after close has been called. This method */
- /* remains because SocketProxy extends org.mozilla.jss.util.NativeProxy*/
- /* which defines releaseNativeResources as abstract and */
- /* therefore must be implemented by SocketProxy */
+ JSSL_SocketData *sockdata;
+
+ PR_ASSERT(env != NULL && this != NULL);
+
+ if (JSS_getPtrFromProxy(env, this, (void**)&sockdata) != PR_SUCCESS) {
+ return;
+ }
+
+ JSSL_DestroySocketData(env, sockdata);
}
void
JSSL_DestroySocketData(JNIEnv *env, JSSL_SocketData *sd)
{
- PR_ASSERT(sd != NULL);
+ if (sd == NULL) {
+ return;
+ }
- PR_Close(sd->fd);
+ if (sd->fd != NULL) {
+ PR_Close(sd->fd);
+ sd->fd = NULL;
+ }
if( sd->socketObject != NULL ) {
DELETE_WEAK_GLOBAL_REF(env, sd->socketObject );
@@ -367,6 +374,8 @@ JSSL_DestroySocketData(JNIEnv *env, JSSL_SocketData *sd)
if( sd->lock != NULL ) {
PR_DestroyLock(sd->lock);
}
+
+ memset(sd, 0, sizeof(JSSL_SocketData));
PR_Free(sd);
}
@@ -540,12 +549,15 @@ Java_org_mozilla_jss_ssl_SocketBase_socketClose(JNIEnv *env, jobject self)
JSSL_SocketData *sock = NULL;
/* get the FD */
- if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS) {
+ if( JSSL_getSockData(env, self, &sock) != PR_SUCCESS || sock == NULL) {
/* exception was thrown */
return;
}
- JSSL_DestroySocketData(env, sock);
+ if (sock->fd != NULL) {
+ PR_Close(sock->fd);
+ sock->fd = NULL;
+ }
}
JNIEXPORT void JNICALL
--
2.25.2

13
SPECS/jss.spec
View File

@ -7,7 +7,7 @@ URL: http://www.dogtagpki.org/wiki/JSS
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Version: 4.6.2 Version: 4.6.2
Release: 4%{?_timestamp}%{?_commit_id}%{?dist} Release: 6%{?_timestamp}%{?_commit_id}%{?dist}
# global _phase -a1 # global _phase -a1
# To generate the source tarball: # To generate the source tarball:
@ -29,6 +29,8 @@ Patch0: 0001-Fix-NativeProxy-reference-tracker.patch
Patch1: 0002-Fix-swapped-parameter-names-with-PBE.patch Patch1: 0002-Fix-swapped-parameter-names-with-PBE.patch
Patch3: 0003-Use-specified-algorithm-for-KeyWrap.patch Patch3: 0003-Use-specified-algorithm-for-KeyWrap.patch
Patch4: 0004-Remove-token-key-checks.patch Patch4: 0004-Remove-token-key-checks.patch
Patch5: 0005-Fix-NativeProxy-release.patch
Patch6: 0006-Fix-SSLSocket-closure.patch
################################################################################ ################################################################################
# Build Dependencies # Build Dependencies
@ -163,6 +165,15 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
################################################################################ ################################################################################
%changelog %changelog
* Wed Apr 15 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-6
- NativeProxy never calls releaseNativeResources - Memory Leak
Additional patch to fix SSLSocket resource freeing
Bugzilla #1822402
* Tue Apr 14 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-5
- NativeProxy never calls releaseNativeResources - Memory Leak
Bugzilla #1822402
* Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4 * Mon Mar 23 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.6.2-4
- Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing - Red Hat Bugzilla #1807371 - KRA-HSM: Async and sync key recovery using kra agent web is failing