diff options
| author | Moonchild <moonchild@palemoon.org> | 2022-07-27 04:17:05 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2022-07-27 04:17:05 +0000 |
| commit | ef4a433814e5f44ec188b020d8d840c083b97ee1 (patch) | |
| tree | 8a43c05575a720438f7c79e312c543dd7b8bd00e | |
| parent | 713d6ed1b4453c13cf47610f7ec01689e8814cb8 (diff) | |
| download | uxp-ef4a433814e5f44ec188b020d8d840c083b97ee1.tar.gz | |
[NSS] Avoid potential data race on primary password change.
| -rw-r--r-- | security/nss/lib/softoken/sftkdb.c | 14 | ||||
| -rw-r--r-- | security/nss/lib/softoken/sftkpwd.c | 6 |
2 files changed, 17 insertions, 3 deletions
diff --git a/security/nss/lib/softoken/sftkdb.c b/security/nss/lib/softoken/sftkdb.c index a1a723fe87..60e9621759 100644 --- a/security/nss/lib/softoken/sftkdb.c +++ b/security/nss/lib/softoken/sftkdb.c @@ -337,7 +337,7 @@ sftkdb_fixupTemplateOut(CK_ATTRIBUTE *template, CK_OBJECT_HANDLE objectID, if ((keyHandle == NULL) || ((SFTK_GET_SDB(keyHandle)->sdb_flags & SDB_HAS_META) == 0) || - (keyHandle->passwordKey.data == NULL)) { + (sftkdb_PWCached(keyHandle) != SECSuccess)) { checkSig = PR_FALSE; } @@ -1601,10 +1601,14 @@ sftkdb_CloseDB(SFTKDBHandle *handle) } (*handle->db->sdb_Close)(handle->db); } + if (handle->passwordLock) { + PZ_Lock(handle->passwordLock); + } if (handle->passwordKey.data) { PORT_ZFree(handle->passwordKey.data, handle->passwordKey.len); } if (handle->passwordLock) { + PZ_Unlock(handle->passwordLock); SKIP_AFTER_FORK(PZ_DestroyLock(handle->passwordLock)); } if (handle->updatePasswordKey) { @@ -2681,7 +2685,7 @@ sftkdb_ResetKeyDB(SFTKDBHandle *handle) { CK_RV crv; - /* only rest the key db */ + /* only reset the key db */ if (handle->type != SFTK_KEYDB_TYPE) { return SECFailure; } @@ -2690,6 +2694,12 @@ sftkdb_ResetKeyDB(SFTKDBHandle *handle) /* set error */ return SECFailure; } + PZ_Lock(handle->passwordLock); + if (handle->passwordKey.data) { + SECITEM_ZfreeItem(&handle->passwordKey, PR_FALSE); + handle->passwordKey.data = NULL; + } + PZ_Unlock(handle->passwordLock); return SECSuccess; } diff --git a/security/nss/lib/softoken/sftkpwd.c b/security/nss/lib/softoken/sftkpwd.c index 83e881f1d9..73294d4631 100644 --- a/security/nss/lib/softoken/sftkpwd.c +++ b/security/nss/lib/softoken/sftkpwd.c @@ -1085,7 +1085,11 @@ done: SECStatus sftkdb_PWCached(SFTKDBHandle *keydb) { - return keydb->passwordKey.data ? SECSuccess : SECFailure; + SECStatus rv; + PZ_Lock(keydb->passwordLock); + rv = keydb->passwordKey.data ? SECSuccess : SECFailure; + PZ_Unlock(keydb->passwordLock); + return rv; } static CK_RV |