aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorAlex Dupre <ale@FreeBSD.org>2010-06-25 15:36:28 +0000
committerAlex Dupre <ale@FreeBSD.org>2010-06-25 15:36:28 +0000
commit7a21291cd6bf8e4216b85debc27154ce4bf6b6ed (patch)
tree261427c4c2ab897bdca51eac80d8d70ab04a80c4 /security
parentf9a10d9ad02ef08c11d5e114368de6a791a1d7cb (diff)
downloadports-7a21291cd6bf8e4216b85debc27154ce4bf6b6ed.tar.gz
ports-7a21291cd6bf8e4216b85debc27154ce4bf6b6ed.zip
Fix race condition in sqlite3 backend (Bug#564011).
Approved by: mezz Feature safe: yes
Notes
Notes: svn path=/head/; revision=256957
Diffstat (limited to 'security')
-rw-r--r--security/nss/Makefile2
-rw-r--r--security/nss/files/patch-lib_softoken_sftkdb.c101
2 files changed, 98 insertions, 5 deletions
diff --git a/security/nss/Makefile b/security/nss/Makefile
index 53acbb37015a..54b047b9fa4f 100644
--- a/security/nss/Makefile
+++ b/security/nss/Makefile
@@ -7,7 +7,7 @@
PORTNAME= nss
PORTVERSION= ${_MAJOR}.${_MINOR}.${_PATCH}
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_MOZILLA}
MASTER_SITE_SUBDIR= security/nss/releases/NSS_${PORTVERSION:S/./_/g}_RTM/src
diff --git a/security/nss/files/patch-lib_softoken_sftkdb.c b/security/nss/files/patch-lib_softoken_sftkdb.c
index 494ea115fe83..cb0d02f16346 100644
--- a/security/nss/files/patch-lib_softoken_sftkdb.c
+++ b/security/nss/files/patch-lib_softoken_sftkdb.c
@@ -1,6 +1,99 @@
---- lib/softoken/sftkdb.c.orig 2010-05-18 16:12:16.000000000 +0200
-+++ lib/softoken/sftkdb.c 2010-05-18 16:14:37.000000000 +0200
-@@ -766,6 +766,11 @@
+--- lib/softoken/sftkdb.c.orig 2010-06-24 13:58:26.000000000 +0200
++++ lib/softoken/sftkdb.c 2010-06-24 13:58:37.000000000 +0200
+@@ -509,18 +509,23 @@
+ CK_ULONG count)
+ {
+ int i;
++ CK_RV crv;
+ SFTKDBHandle *keyHandle = handle;
+ SDB *keyTarget = NULL;
++ PRBool usingPeerDB = PR_FALSE;
++ PRBool inPeerDBTransaction = PR_FALSE;
+
+ PORT_Assert(handle);
+
+ if (handle->type != SFTK_KEYDB_TYPE) {
+ keyHandle = handle->peerDB;
++ usingPeerDB = PR_TRUE;
+ }
+
+ /* no key DB defined? then no need to sign anything */
+ if (keyHandle == NULL) {
+- return CKR_OK;
++ crv = CKR_OK;
++ goto loser;
+ }
+
+ /* When we are in a middle of an update, we have an update database set,
+@@ -532,7 +537,17 @@
+
+ /* skip the the database does not support meta data */
+ if ((keyTarget->sdb_flags & SDB_HAS_META) == 0) {
+- return CKR_OK;
++ crv = CKR_OK;
++ goto loser;
++ }
++
++ /* If we had to switch databases, we need to initialize a transaction. */
++ if (usingPeerDB) {
++ crv = (*keyTarget->sdb_Begin)(keyTarget);
++ if (crv != CKR_OK) {
++ goto loser;
++ }
++ inPeerDBTransaction = PR_TRUE;
+ }
+
+ for (i=0; i < count; i ++) {
+@@ -546,23 +561,44 @@
+ PZ_Lock(keyHandle->passwordLock);
+ if (keyHandle->passwordKey.data == NULL) {
+ PZ_Unlock(keyHandle->passwordLock);
+- return CKR_USER_NOT_LOGGED_IN;
++ crv = CKR_USER_NOT_LOGGED_IN;
++ goto loser;
+ }
+ rv = sftkdb_SignAttribute(arena, &keyHandle->passwordKey,
+ objectID, template[i].type,
+ &plainText, &signText);
+ PZ_Unlock(keyHandle->passwordLock);
+ if (rv != SECSuccess) {
+- return CKR_GENERAL_ERROR; /* better error code here? */
++ crv = CKR_GENERAL_ERROR; /* better error code here? */
++ goto loser;
+ }
+ rv = sftkdb_PutAttributeSignature(handle, keyTarget,
+ objectID, template[i].type, signText);
+ if (rv != SECSuccess) {
+- return CKR_GENERAL_ERROR; /* better error code here? */
++ crv = CKR_GENERAL_ERROR; /* better error code here? */
++ goto loser;
+ }
+ }
+ }
+- return CKR_OK;
++ crv = CKR_OK;
++
++ /* If necessary, commit the transaction */
++ if (inPeerDBTransaction) {
++ crv = (*keyTarget->sdb_Commit)(keyTarget);
++ if (crv != CKR_OK) {
++ goto loser;
++ }
++ inPeerDBTransaction = PR_FALSE;
++ }
++
++loser:
++ if (inPeerDBTransaction) {
++ /* The transaction must have failed. Abort. */
++ (*keyTarget->sdb_Abort)(keyTarget);
++ PORT_Assert(crv != CKR_OK);
++ if (crv == CKR_OK) crv = CKR_GENERAL_ERROR;
++ }
++ return crv;
+ }
+
+ static CK_RV
+@@ -766,6 +802,11 @@
if (attr == NULL) {
return CKR_TEMPLATE_INCOMPLETE;
}
@@ -12,7 +105,7 @@
findTemplate[1] = *attr;
count = 2;
break;
-@@ -827,6 +832,11 @@
+@@ -827,6 +868,11 @@
}
crv = sftkdb_getFindTemplate(objectType, objTypeData,
findTemplate, &count, ptemplate, len);