diff options
| author | J.C. Jones <jjones@mozilla.com> | 2020-08-29 13:04:08 +0000 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2021-03-15 18:43:00 +0000 |
| commit | 156287f0d8ab617714930ac303d6833ed4dd3f8f (patch) | |
| tree | d1ec9fcac82bc438160e8c289221acdc814e6a34 /security | |
| parent | 2642a2150fb1f12670981e3c0bc1f3f002901986 (diff) | |
| download | uxp-156287f0d8ab617714930ac303d6833ed4dd3f8f.tar.gz | |
[NSS] Prevent slotLock race in NSC_GetTokenInfo
Basically, NSC_GetTokenInfo doesn't lock slot->slotLock before accessing slot
after obtaining it, even though slotLock is defined as its lock.
Diffstat (limited to 'security')
| -rw-r--r-- | security/nss/lib/softoken/pkcs11.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/nss/lib/softoken/pkcs11.c b/security/nss/lib/softoken/pkcs11.c index c9f01483c9..93150cd789 100644 --- a/security/nss/lib/softoken/pkcs11.c +++ b/security/nss/lib/softoken/pkcs11.c @@ -3656,10 +3656,12 @@ NSC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo) PORT_Memcpy(pInfo->model, "NSS 3 ", 16); PORT_Memcpy(pInfo->serialNumber, "0000000000000000", 16); PORT_Memcpy(pInfo->utcTime, "0000000000000000", 16); - pInfo->ulMaxSessionCount = 0; /* arbitrarily large */ + pInfo->ulMaxSessionCount = 0; /* arbitrarily large */ + pInfo->ulMaxRwSessionCount = 0; /* arbitrarily large */ + PZ_Lock(slot->slotLock); /* Protect sessionCount / rwSessioncount */ pInfo->ulSessionCount = slot->sessionCount; - pInfo->ulMaxRwSessionCount = 0; /* arbitarily large */ pInfo->ulRwSessionCount = slot->rwSessionCount; + PZ_Unlock(slot->slotLock); /* Unlock before sftk_getKeyDB */ pInfo->firmwareVersion.major = 0; pInfo->firmwareVersion.minor = 0; PORT_Memcpy(pInfo->label, slot->tokDescription, sizeof(pInfo->label)); |