OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Bugs/7022
Full headers

From: rmeggins@redhat.com
Subject: Patch - Mozilla NSS - NSS_Init* functions are not thread safe
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Tue, 16 Aug 2011 18:09:42 +0000
From: rmeggins@redhat.com
To: openldap-its@OpenLDAP.org
Subject: Patch - Mozilla NSS - NSS_Init* functions are not thread safe
Full_Name: Rich Megginson
Version: current tip of master branch
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/0001-NSS_Init-functions-are-not-thread-safe.patch
Submission from: (NULL) (76.26.104.137)


The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe.  There can only be one thread at a time calling
these functions.  Protect the calls with a mutex.  Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created.  Move the registration of the nss shutdown
callback to also use a PR_CallOnce.  Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.

These patch files are derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Red Hat. Red Hat has not assigned rights
and/or interest in this work to any party. I, Rich Megginson am
authorized by Red Hat, my employer, to release this work under the
following terms.

Red Hat hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.

Followup 1

Download message
Date: Wed, 24 Aug 2011 15:34:35 -0700
From: Howard Chu <hyc@symas.com>
To: rmeggins@redhat.com
CC: openldap-its@openldap.org
Subject: Re: (ITS#7022) Patch - Mozilla NSS - NSS_Init* functions are not
 thread safe
rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: current tip of master branch
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/0001-NSS_Init-functions-are-not-thread-safe.patch
> Submission from: (NULL) (76.26.104.137)
>
>
> The NSS_InitContext et. al, and their corresponding shutdown functions,
> are not thread safe.  There can only be one thread at a time calling
> these functions.  Protect the calls with a mutex.  Create the mutex
> using a PR_CallOnce to ensure that the mutex is only created once and
> not used before created.  Move the registration of the nss shutdown
> callback to also use a PR_CallOnce.  Removed the call to
> SSL_ClearSessionCache() because it is always called at shutdown, and we
must
> not call it more than once.

We generally assume that all initialization is done before threads are 
spawned. I seem to recall this is a requirement for GnuTLS, anyway.

I've applied this patch but it has a few issues. E.g., the LDAP_MUTEX macros 
are already defined relative to LDAP_R_COMPILE so they do not need to be 
protected by ifdefs. In fact the macros are there specifically to eliminate 
all of those ifdefs.

A couple of whitespace strangenesses too. I'll fix these here, thanks for the 
patch.
>
> These patch files are derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Red Hat. Red Hat has not assigned rights
> and/or interest in this work to any party. I, Rich Megginson am
> authorized by Red Hat, my employer, to release this work under the
> following terms.
>
> Red Hat hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org