Fix PKCS#11 module leak if C_GetSlotInfo() failed

Daiki Ueno 2019-05-06 18:33:40 +02:00
parent 5deb5dd362
commit 141e716639
2 changed files with 41 additions and 1 deletions

35
nss-module-leak.patch Normal file

@ -0,0 +1,35 @@
# HG changeset patch
# User Daiki Ueno <dueno@redhat.com>
# Date 1557150127 -7200
# Mon May 06 15:42:07 2019 +0200
# Node ID 438ac983bda9ec7944990d22a37877e9111caa90
# Parent b018f3e84d87cce99a1fd81feeecb31123058687
pk11slot: reference module from slot for finalization
diff --git a/lib/pk11wrap/pk11slot.c b/lib/pk11wrap/pk11slot.c
--- a/lib/pk11wrap/pk11slot.c
+++ b/lib/pk11wrap/pk11slot.c
@@ -1439,6 +1439,11 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
slot->slotID = slotID;
slot->isThreadSafe = mod->isThreadSafe;
slot->hasRSAInfo = PR_FALSE;
+ slot->module = mod; /* NOTE: we don't make a reference here because
+ * modules have references to their slots. This
+ * works because modules keep implicit references
+ * from their slots, and won't unload and disappear
+ * until all their slots have been freed */
if (PK11_GETTAB(slot)->C_GetSlotInfo(slotID, &slotInfo) != CKR_OK) {
slot->disabled = PR_TRUE;
@@ -1448,11 +1453,6 @@ PK11_InitSlot(SECMODModule *mod, CK_SLOT
/* test to make sure claimed mechanism work */
slot->needTest = mod->internal ? PR_FALSE : PR_TRUE;
- slot->module = mod; /* NOTE: we don't make a reference here because
- * modules have references to their slots. This
- * works because modules keep implicit references
- * from their slots, and won't unload and disappear
- * until all their slots have been freed */
(void)PK11_MakeString(NULL, slot->slot_name,
(char *)slotInfo.slotDescription, sizeof(slotInfo.slotDescription));
slot->isHW = (PRBool)((slotInfo.flags & CKF_HW_SLOT) == CKF_HW_SLOT);
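Review bot: The relocated comment on `slot->module = mod;` still only explains why no reference is taken; nothing at the new position says the assignment has to stay ahead of the `C_GetSlotInfo` failure branch, which is the point of the move. Judging from the changeset title, finalizing a slot that was disabled on that branch needs `slot->module` to reach the module, but the cleanup code is not visible on this page, so that should be confirmed against the slot teardown path. I would extend the comment with a sentence such as `Set before any early return below so a disabled slot can still be finalized against its module.` so that a later reordering does not reintroduce the leak. PK11_InitSlot starts and ends outside both hunks, so its other return paths could not be checked here.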


@ -43,7 +43,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
Summary: Network Security Services
Name: nss
Version: %{nss_version}
Release: 2%{?dist}
Release: 3%{?dist}
License: MPLv2.0
URL: http://www.mozilla.org/projects/security/pki/nss/
Requires: nspr >= %{nspr_version}
@ -93,6 +93,8 @@ Source28: nss-p11-kit.config
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723
Patch2: nss-539183.patch
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1549382
Patch3: nss-module-leak.patch
# This patch uses the GCC -iquote option documented at
# http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options
# to give the in-tree headers a higher priority over the system headers,
@ -866,6 +868,9 @@ update-crypto-policies &> /dev/null || :
%changelog
* Mon May 6 2019 Daiki Ueno <dueno@redhat.com> - 3.43.0-3
- Fix PKCS#11 module leak if C_GetSlotInfo() failed
* Tue Mar 26 2019 Elio Maldonado <elio.maldonado.batiz@gmail.com> - 3.43.0-2
- Update %%{nspr_version} to 4.21.0 and remove obsolete comment