Logged in as guest
Viewing Software Bugs/7022 Full headers
Major security issue: yes no
Notes: fixed in master fixed in RE24 Notification:
Date: Tue, 16 Aug 2011 18:09:42 +0000 From: rmeggins@redhat.com To: openldap-its@OpenLDAP.org Subject: Patch - Mozilla NSS - NSS_Init* functions are not thread safe
Full_Name: Rich Megginson Version: current tip of master branch OS: RHEL6 URL: ftp://ftp.openldap.org/incoming/0001-NSS_Init-functions-are-not-thread-safe.patch Submission from: (NULL) (76.26.104.137) The NSS_InitContext et. al, and their corresponding shutdown functions, are not thread safe. There can only be one thread at a time calling these functions. Protect the calls with a mutex. Create the mutex using a PR_CallOnce to ensure that the mutex is only created once and not used before created. Move the registration of the nss shutdown callback to also use a PR_CallOnce. Removed the call to SSL_ClearSessionCache() because it is always called at shutdown, and we must not call it more than once. These patch files are derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Red Hat. Red Hat has not assigned rights and/or interest in this work to any party. I, Rich Megginson am authorized by Red Hat, my employer, to release this work under the following terms. Red Hat hereby place the following modifications to OpenLDAP Software (and only these modifications) into the public domain. Hence, these modifications may be freely used and/or redistributed for any purpose with or without attribution and/or other notice.
Date: Wed, 24 Aug 2011 15:34:35 -0700 From: Howard Chu <hyc@symas.com> To: rmeggins@redhat.com CC: openldap-its@openldap.org Subject: Re: (ITS#7022) Patch - Mozilla NSS - NSS_Init* functions are not thread safe
rmeggins@redhat.com wrote: > Full_Name: Rich Megginson > Version: current tip of master branch > OS: RHEL6 > URL: ftp://ftp.openldap.org/incoming/0001-NSS_Init-functions-are-not-thread-safe.patch > Submission from: (NULL) (76.26.104.137) > > > The NSS_InitContext et. al, and their corresponding shutdown functions, > are not thread safe. There can only be one thread at a time calling > these functions. Protect the calls with a mutex. Create the mutex > using a PR_CallOnce to ensure that the mutex is only created once and > not used before created. Move the registration of the nss shutdown > callback to also use a PR_CallOnce. Removed the call to > SSL_ClearSessionCache() because it is always called at shutdown, and we must > not call it more than once. We generally assume that all initialization is done before threads are spawned. I seem to recall this is a requirement for GnuTLS, anyway. I've applied this patch but it has a few issues. E.g., the LDAP_MUTEX macros are already defined relative to LDAP_R_COMPILE so they do not need to be protected by ifdefs. In fact the macros are there specifically to eliminate all of those ifdefs. A couple of whitespace strangenesses too. I'll fix these here, thanks for the patch. > > These patch files are derived from OpenLDAP Software. All of the > modifications to OpenLDAP Software represented in the following > patch(es) were developed by Red Hat. Red Hat has not assigned rights > and/or interest in this work to any party. I, Rich Megginson am > authorized by Red Hat, my employer, to release this work under the > following terms. > > Red Hat hereby place the following modifications to OpenLDAP Software > (and only these modifications) into the public domain. Hence, these > modifications may be freely used and/or redistributed for any purpose > with or without attribution and/or other notice. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
______________ © Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org
